(57) ABSTRACT

A memory card (110) includes a memory (1415) to store 
encrypted content data, a license hold unit (1440) to store at 
least a portion of license information distributed by a 
distribution system, a plurality of authentication data hold 
units (1400.1, 1400.2), each storing a plurality of authenti- 
cation data that are authenticated respectively by a plurality 
of public authentication keys KPma, KPmb common to the 
distribution system, and a switch (SW2) to selectively 
provide the data from the plurality of authentication data 
hold units outside of said recording apparatus according to 
a request external to the memory card (110). 
CONTENT DATA STORAGE

TECHNICAL FIELD 

[0001] The present invention relates to a recording appa- 
ratus such as a memory card that allows copyright protection 
on copied information in an information distribution system 
to distribute information to terminals such as cellular 
phones, a reproduction apparatus of information recorded in 
such a recording apparatus, and a data distribution system 
including such recording apparatuses and reproduction 
apparatuses. 

BACKGROUND ART 

[0002] By virtue of the progress in the Internet and digital 
information communication networks, each user can now 
easily access network information through an individual- 
oriented terminal using a cellular phone or the like. 

[0003] In digital information communication, information 
is transmitted through digital signals. For example, each user 
can transfer music and video information in the aforemen- 
tioned digital information communication network without 
degradation in audio quality and picture quality. 

[0004] It will be a system useful to the copyright owner if 
appropriate fees can be collected for distribution of content 
data such as copyrighted works of music and video infor- 
mation through the disseminating digital information com- 
munication network. 

[0005] In such digital information communication net- 
works, there is a possibility of the rights of the copyright 
owner being significantly infringed by a flood of replicates 
of copyright information within the digital information 
network unless some appropriate measures to protect the 
copyright are taken when content data corresponding to 
copyrighted works such as music and video information is to 
be transmitted. 

[0006] Therefore, in distributing content data such as 
music or copyright information to allow reproduction of 
such content data through the digital information commu- 
nication network, authentication with respect to the appara- 
tus requesting distribution will become necessary. 

[0007] It is also necessary to accommodate the possibility 
of the contents of such authentication procedures being 
obtained by a third party through fraudulent means to allow 
an improper user to receive distribution through the digital 
communication network. 

[0008] Furthermore, it is necessary to prevent music data, 
once received by an appropriate user, from being replicated 
without restriction in a reproducible state. 

DISCLOSURE OF THE INVENTION 

[0009] An object of the present invention is to provide a 
recording apparatus, a reproduction apparatus, and a data 
distribution system using such recording apparatuses and 
reproduction apparatuses that can supply copyright infor- 
mation such as of music data to users that can receive/ 
transmit data through an information communication net- 
work such as cellular phones while protecting copyrights. 

[0010] Another object of the present invention is to provide
a data distribution system that can prevent distributed
copyrighted data from being replicated without permission
of the copyright owner, and a recording apparatus and
reproduction apparatus used in such a data distribution
system.

[0011] According to the present invention, a recording 
apparatus to store license information that renders encrypted 
content data reproducible includes a first storage unit, a 
plurality of authentication data hold units, and a first select 
unit. 

[0012] The first storage unit stores at least a portion of 
license information. Each of the plurality of authentication 
data hold units stores a plurality of authentication data that 
can be respectively verified by a plurality of public authen- 
tication keys. The first select unit selectively provides 
authentication data from the plurality of authentication data 
hold units outside of the recording apparatus according to a 
request external to the recording apparatus. 

[0013] Preferably, the recording apparatus further includes 
a second key hold unit, a third key hold unit, and a second 
decryption unit. 

[0014] The second key hold unit stores a second public 
secret key predefined with respect to the recording appara- 
tus. The third key hold unit stores a second private decryp- 
tion key asymmetric to the second public encryption key, 
and used to decrypt data encrypted by the second public 
encryption key. The second decryption unit receives license 
information encrypted with the second public encryption 
key to decrypt the received information using the second 
private decryption key. 

[0015] Further preferably, the recording apparatus 
includes a second storage unit, a fourth key hold unit, a first 
encryption unit, and a third decryption unit. 

[0016] The second storage unit stores in an encrypted state 
a content decryption key from the license information, used 
to decrypt encrypted content data. The fourth key hold unit 
stores at least one symmetric type secret unique key in a 
symmetric key scheme. This key is unique to each recording 
apparatus. The first encryption unit receives the output of the 
second decryption unit to encrypt the same with the secret 
unique key. The third decryption unit decrypts using the 
secret unique key the content decryption key encrypted by 
the first encryption unit and stored in the second storage unit. 

[0017] According to another aspect of the present inven- 
tion, a data reproduction apparatus to decrypt encrypted 
content data and reproduce content data includes a data 
storage unit, and a data reproduction unit. 

[0018] The data storage unit stores encrypted content data 
and a content decryption key to decrypt the encrypted 
content data. The data storage unit can output the content 
decryption key in an encrypted state, and is detachable from 
the data reproduction apparatus. The data reproduction 
apparatus receives an output from the data storage unit to 
reproduce encrypted content data. 

[0019] The data reproduction unit includes a first decryp- 
tion processing unit, a second decryption processing unit, a 
plurality of authentication data 

[0020] The first decryption unit extracts a content decryp- 
tion key by applying a decryption process using a first 
symmetric key, based on the encrypted content decryption 
key from the data storage unit. The second decryption unit
receives the encrypted content data read out from the data 
storage unit to extract content data by applying a decryption 
process using the output of the first decryption unit. Each of 
the plurality of authentication data hold units stores a 
plurality of authentication data that can be respectively 
verified by a plurality of public authentication keys common 
to the distribution system. The authentication data can be 
output to the data storage unit. The plurality of authentica- 
tion data have a predetermined value predefined during 
fabrication of the content reproduction apparatus, and can 
authenticate a first public encryption key corresponding to 
the type of the content reproduction apparatus using respec- 
tive plurality of public authentication keys. The select unit 
selectively provides the data from the plurality of authenti- 
cation data hold units outside the data reproduction unit 
according to a request external to the data reproduction unit. 
The first key hold unit stores a first private decryption key 
asymmetric to the first public encryption key, and used to 
decrypt data encrypted with the first public encryption key. 
The third decryption unit receives the first symmetric key 
encrypted by the first public encryption key from the data 
storage unit to decrypt the received first symmetric key 
using the first private decryption key. The session key 
generation unit generates the first symmetric key. The ses- 
sion key encryption unit encrypts the first symmetric key 
used for encryption of the content decryption key by the first 
symmetric key, and provides the encrypted key to the data 
storage unit. The data storage unit includes a control unit 
conducting an authentication process based on the authen- 
tication data from the select unit to determine whether to 
output the encrypted content decryption key to the data 
reproduction unit based on the authentication result, and 
controls the output of the content decryption key encrypted 
with the first symmetric key when determination is made to 
output the content decryption key to the data reproduction 
unit. 

[0021] According to a further aspect of the present inven- 
tion, a content reproduction apparatus decrypting encrypted 
content data using a content decryption key for reproduction 
is loaded with a license information storage apparatus stor- 
ing encrypted content data, and a content decryption key 
supplied individually apart from the encrypted content data, 
and required to decrypt encrypted content data for repro- 
duction. The content reproduction apparatus includes a first 
decryption unit, a second decryption unit, a plurality of 
authentication data hold units, a select unit, a first key hold 
unit, a third decryption unit, a session key generation unit, 
and a session key encryption unit. 

[0022] The first decryption unit extracts a content decryption
key by applying a decryption process using a first
symmetric key, based on the content decryption key from the 
license information storage apparatus. The second decryp- 
tion unit receives and decrypts encrypted content data read 
out from the license information storage apparatus using an 
output of the first decryption unit to extract content data. 
Each of the plurality of authentication data hold units stores 
a plurality of authentication data that can be verified by 
respective plurality of authentication keys stored in the 
license information storage apparatus. The authentication 
data can be output to the license information storage appa- 
ratus. The plurality of authentication data have a predeter- 
mined value predefined during fabrication of the content 
reproduction apparatus, and can authenticate the first public
encryption key that corresponds to the type of the content
reproduction apparatus using a plurality of public authenti- 
cation keys. The select unit selectively outputs one of the 
plurality of authentication data to the license information 
storage apparatus. The first key hold unit stores a first private 
decryption key asymmetric to the first public encryption key, 
and used to decrypt data encrypted with the first public 
encryption key. The third decryption unit receives a second 
symmetric key encrypted by the first public encryption key 
from the license information storage apparatus to decrypt the 
second symmetric key using the first private decryption key. 
The session key generation unit generates a first symmetric 
key. The session key encryption unit encrypts the second 
symmetric key used for encryption of the content decryption 
key by the first symmetric key, and provides the encrypted 
key to the license information storage apparatus. 

[0023] According to still another aspect of the present 
invention, a license information distribution system to dis- 
tribute encrypted content data, and license information that 
is supplied individually apart from the encrypted content 
data, and that renders at least encrypted content data repro- 
ducible includes a server, and a reception terminal. 

[0024] The server distributes license information that 
includes a content decryption key used to decrypt encrypted 
content data. 

[0025] The reception terminal receives distributed license 
information in a data distribution system that distributes at 
least license information that renders encrypted content data 
reproducible. The reception terminal includes a data storage 
unit storing encrypted content data and a content decryption 
key required to decrypt the encrypted content data. The data 
storage unit outputs the content decryption key in an 
encrypted state, and is detachable from the reception termi- 
nal. The data storage unit includes a first storage unit, a 
second storage unit, a plurality of first authentication data 
hold units, a first select unit, a first key hold unit, a first 
decryption unit, a session key generation unit, a session key 
encryption unit, and a session key decryption unit. 

[0026] The first storage unit stores encrypted content data. 
The second storage unit stores at least a portion of the 
license information distributed through the distribution sys- 
tem. Each of the plurality of first authentication data hold 
units stores a plurality of authentication data that can be 
respectively verified by a plurality of public authentication 
keys common to the distribution system. The plurality of 
authentication data have a predetermined value predefined 
during fabrication of the data storage unit, and can authen- 
ticate the first public encryption key corresponding to the 
type of the data storage unit using respective plurality of 
public authentication keys. The first select unit selectively 
provides authentication data from the plurality of first 
authentication data hold units outside the data storage unit 
according to a request external to the data storage unit. 

[0027] The first key hold unit stores a first private decryp- 
tion key that is asymmetric to the first public encryption key, 
and used to decrypt data encrypted with the first public 
encryption key. The first decryption unit receives and 
decrypts using the first private decryption key a first sym- 
metric key encrypted by the first public encryption key from 
the server. A session key generation unit generates a second 
symmetric key. The session key encryption unit encrypts the 
second symmetric key used for encryption of license
information by the first symmetric key, and provides the
encrypted key to the server. The session key decryption unit 
receives license information that is supplied from the supply 
source of license information and that is encrypted using the 
second symmetric key, and decrypts the received license 
information with the second symmetric key. 

[0028] The server distributes license information. The 
server includes a first control unit conducting an authenti- 
cation process based on the authentication data from the data 
storage unit to encrypt license information using the second 
symmetric key for distribution when authentication is valid. 

[0029] Therefore, the advantage of the present invention is
that, since the distribution system using the recording
apparatus of the present invention is always operated with a
plurality of authentication keys to conduct mutual
authentication, security of the system can be maintained even if a
certificate key corresponding to one authentication key is
broken by a third party.

[0030] Furthermore, since the content key and the like 
distributed in an encrypted state with the public key scheme 
using an asymmetric key are encrypted again using a com- 
mon secret key unique to the memory card according to the 
symmetric key scheme that allows decryption at high speed 
and stored in a memory card, the decryption process on the 
content key which is the information required for a repro- 
duction process can be effected at high speed in the music 
data reproduction process corresponding to the encrypted 
content data. Additionally, the level of security is improved 
by altering the key for such data transmission and the key for 
storage in the memory card, can be respectively verified by 
a plurality of public authentication keys common to the 
distribution system. The first select unit selectively provides 
authentication data from the plurality of first authentication 
data hold units outside the data storage unit according to a 
request external to the data storage unit. 

[0031] The server distributes license information. The 
server includes a first control unit conducting an authenti- 
cation process based on the authentication data from the data 
storage unit to distribute license information when authen- 
tication is valid. 

[0032] Therefore, the advantage of the present invention is
that, since the distribution system using the recording
apparatus of the present invention is always operated with a
plurality of authentication keys to conduct mutual
authentication, security of the system can be maintained even if a
certificate key corresponding to one authentication key is
broken by a third party.

[0033] Furthermore, since the content key and the like 
distributed in an encrypted state with the public key scheme 
using an asymmetric key are encrypted again using a com- 
mon secret key unique to the memory card according to the 
symmetric key scheme that allows decryption at high speed 
and stored in a memory card, the decryption process on the 
content key which is the information required for a repro- 
duction process can be effected at high speed in the music 
data reproduction process corresponding to the encrypted 
content data. Additionally, the level of security is improved 
by altering the key for such data transmission and the key for 
storage in the memory card.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0034] FIG. 1 is a diagram to schematically describe the 
entire structure of a data distribution system of the present 
invention. 

[0035] FIG. 2 is a diagram to describe the characteristics 
of keys related to encryption used in the communication and 
distributed data in the data distribution system of FIG. 1. 

[0036] FIG. 3 shows the usage of certificate keys Kma and 
Kmb common to the system over time. 

[0037] FIG. 4 is a schematic block diagram showing a 
structure of a license server 10 of FIG. 1. 

[0038] FIG. 5 is a schematic block diagram to describe a 
structure of a cellular phone 100 of FIG. 1. 

[0039] FIG. 6 is a schematic block diagram to describe a 
structure of a memory card 110 of FIG. 5. 

[0040] FIG. 7 is a first flow chart to describe the distri- 
bution operation in the event of purchasing content in the 
data distribution system according to a first embodiment. 

[0041] FIG. 8 is a second flow chart to describe the 
distribution operation in the event of purchasing content in 
the data distribution system according to the first embodi- 
ment. 

[0042] FIG. 9 is a third flow chart to describe the distri- 
bution operation in the event of purchasing content in the 
data distribution system according to the first embodiment. 

[0043] FIG. 10 is a flow chart to describe the operation of 
each component in a reproduction session. 

[0044] FIG. 11 is a first flow chart to describe the transfer 
process between two memory cards 110 and 112. 

[0045] FIG. 12 is a second flow chart to describe the 
transfer process between two memory cards 110 and 112. 

[0046] FIG. 13 is a third flow chart to describe the transfer 
process between two memory cards 110 and 112. 

[0047] FIG. 14 is a block diagram showing a structure of 
a memory card 114 according to a second embodiment. 

[0048] FIG. 15 is a diagram to describe characteristics of 
keys related to encryption used for communication and 
distributed data in the data distribution system of the second 
embodiment. 

[0049] FIG. 16 is a first flow chart to describe the distri- 
bution operation in the event of purchasing content in the 
data distribution system of the second embodiment. 

[0050] FIG. 17 is a second flow chart to describe the 
distribution operation in the event of purchasing content in 
the data distribution system of the second embodiment. 

[0051] FIG. 18 is a third flow chart to describe the 
distribution operation in the event of purchasing content in 
the data distribution system of the second embodiment. 

[0052] FIG. 19 is a flow chart to describe the operation of 
each component in a reproduction session when the memory 
card of the second embodiment is used. 

[0053] FIG. 20 is a block diagram showing a structure of 
a memory card 116 according to a third embodiment. 

[0054] FIG. 21 is a first flow chart to describe the distribution
operation in the event of purchasing content in the
data distribution system of the third embodiment. 

[0055] FIG. 22 is a second flow chart to describe the 
distribution operation in the event of purchasing content in 
the data distribution system of the third embodiment. 

[0056] FIG. 23 is a third flow chart to describe the 
distribution operation in the event of purchasing content in 
the data distribution system of the third embodiment. 

[0057] FIG. 24 is a flow chart to describe the reproduction 
operation using memory card 116 of the third embodiment. 

[0058] FIG. 25 is a first flow chart to describe the transfer 
process of the third embodiment. 

[0059] FIG. 26 is a second flow chart to describe the 
transfer process of the third embodiment. 

[0060] FIG. 27 is a third flow chart to describe the transfer 
process of the third embodiment. 

BEST MODES FOR CARRYING OUT THE 
INVENTION 

FIRST EMBODIMENT 

[0061] FIG. 1 is a diagram to describe schematically an 
entire structure of the data distribution system of the present 
invention. 

[0062] In the following, a data distribution system distrib- 
uting music data to each user via a cellular phone network 
will be described as an example. However, as will become 
apparent from the following description, the present inven- 
tion is not limited to such a case. The present invention is 
applicable to distribute content data corresponding to other 
copyrighted works such as video data, image data, book 
telling data, educational data, game programs, and further 
applicable to the case of distributing through other digital 
information communication networks. 

[0063] Referring to FIG. 1, a license server 10 adminis- 
trating copyrighted music data encrypts music data (also 
called "content data" hereinafter) according to a predeter- 
mined encryption scheme, and provides such encrypted 
content data to a cellular phone company which is a distri- 
bution carrier 20 to distribute encrypted content data and 
reproduction information (grant information for reproduc- 
tion called "license" hereinafter) including a content decryp- 
tion key which is the decryption key for the encrypted 
content data. An authentication server 12 challenges the 
authenticity of the user's cellular phone and memory card 
establishing access for distribution of music data. 

[0064] Distribution carrier 20 relays a distribution request 
from each user to license server 10 through its own cellular 
phone network. In response to a distribution request, license 
server 10 verifies the authenticity of the user's memory card 
through authentication server 12, and distributes encrypted 
content data and license thereof corresponding to the music 
request to the user's cellular phone. 

[0065] FIG. 1 corresponds to a structure in which a 
detachable memory card 110 is loaded in a cellular phone 
100 of a user 1. Memory card 110 receives the encrypted 
content data and license through cellular phone 100 and 
applies decryption on the above encryption, and then provides
the decrypted data to a music reproduction unit (not
shown) in cellular phone 100. 

[0066] User 1, for example, can "reproduce" the content 
data to listen to the music via a headphone 130 or the like 
connected to cellular phone 100. 

[0067] License server 10, authentication server 12, and 
distribution carrier (cellular phone company) 20 will be 
generically referred to as a distribution server 30 hereinafter. 

[0068] The process of transmitting content data to each 
cellular phone or the like from distribution server 30 is 
called "distribution". 

[0069] By such a structure, any user that has not purchased 
a proper memory card cannot receive and reproduce distri- 
bution data from distribution server 30. 

[0070] By taking count of the number of times content 
data of, for example, one song, is distributed in distribution 
carrier 20, the copyright royalty fee induced every time a 
user receives content data distribution can be collected by 
distribution carrier 20 in the form of telephone bills of
respective cellular phones. Thus, the royalty fee of the 
copyright owner can be ensured. 

[0071] Furthermore, since such content data distribution is 
conducted through a cellular phone network, which is a 
closed system, there is the advantage that measures to 
protect copyrights can be taken more easily than in
an open system such as the Internet.

[0072] Here, a user 2 possessing a memory card 112, for 
example, can directly receive distribution of content data 
from music server 30 through his/her own cellular phone 
102. However, direct reception of content data or the like 
from music server 30 is relatively time consuming for user 
2 since the content data includes a large amount of infor- 
mation. In such a case, it will be convenient for the user if 
content data can be copied from user 1 that has already 
received distribution of that content data. 

[0073] However, from the standpoint of protecting the 
rights of copyright owners, unscrupulous copying of content 
data is not allowed on the basis of system configuration. 

[0074] As shown in FIG. 1, the act of letting a user 2 copy 
the content data received by user 1, and transferring the 
license corresponding to the relevant content data of user 1 
to user 2 is called "transfer" of music data. In this case, the 
encrypted content and license (the grant for reproduction) 
are transferred between memory cards 110 and 112 through 
cellular phones 100 and 102. As will be described after- 
wards, "license" includes a license decryption key that 
allows decryption of content data encrypted according to a 
predetermined encryption scheme, and license information 
such as a license ID corresponding to information related to 
copyright protection and information of restriction as to 
access reproduction. 

[0075] In addition to "transfer", the act of copying only 
encrypted content data is called "replicate". Since a license 
is not accompanied in replication, user 2 cannot reproduce 
the relevant content data. Although not described here, user 
2 can reproduce that content data only through another 
distribution of the license alone including a license encryp- 
tion key. 

[0076] By such a structure, the content data distributed by
distribution server 30 can be used flexibly at the reception 
side. 

[0077] In the case where cellular phones 100 and 102 are 
PHSs (Personal Handy Phones), information can be trans- 
ferred between user 1 and user 2 taking advantage of 
conversation in the so-called transceiver mode. 

[0078] In the structure shown in FIG. 1, the system to 
render the content data distributed in an encrypted manner 
reproducible at the user side requires: 1) the scheme to 
distribute an encryption key in communication, 2) the 
scheme per se to encrypt distribution data, and 3) a con- 
figuration realizing data protection to prevent unauthorized 
copying of the distributed content data. 

[0079] The embodiment of the present invention corre- 
sponds to a structure of improving copyright protection of 
distribution data by enhancing the authentication and check- 
ing function with respect to the content data transfer desti- 
nation during respective sessions of distribution and repro- 
duction, and preventing data distribution and transfer to an 
unauthorized recording apparatus as well as reproduction in 
the content reproduction circuit (for example, cellular 
phone). 

System Key and Data Configuration 

[0080] FIG. 2 is a diagram to describe the characteristics 
of the keys associated with encryption used in communica- 
tion and data to be distributed in the data distribution system 
of FIG. 1. 

[0081] The data "Data" distributed by the distribution 
server is content data such as music data. The content data 
is distributed to a user from distribution server 30 in the form 
of encrypted content data {Data}Kc subjected to encryption
that can be decrypted using at least a content decryption key 
Kc. 

[0082] In the following, the expression of {Y}X implies 
information having data Y converted into cipher that can be 
decrypted using a key X. 

[0083] From distribution server 30 are distributed addi- 
tional information Data-inf in plaintext such as of the 
copyright related to content data or related to server access 
and the like together with the content data. Specifically, 
additional information Data-inf includes information to 
identify the content data such as the song title as well as to 
identify distribution server 30. 

[0084] Keys related to the encryption, decryption and 
reproduction process of content data as well as to authenti- 
cation of a cellular phone which is the content reproduction 
circuit and a memory card which is a recording apparatus are 
set forth below. 

[0085] As mentioned before, there are provided a content 
decryption key Kc used to encrypt and decrypt content data, 
a public encryption key KPp(x) for the content reproduction 
circuit (cellular phone 100), and a public encryption key 
KPmc(x) for a memory card. 

[0086] Data encrypted using public encryption keys 
KPp(x) and KPmc(x) can be decrypted respectively using a 
private decryption key Kp(x) unique to the content reproduction
circuit (cellular phone 100) and a private decryption
key Kmc(x) unique to the memory card. Public encryption
keys KPp(x) and KPmc(x) are asymmetric encryption keys 
that can be decrypted using private decryption keys Kp(x) 
and Kmc(x), respectively. These unique private decryption 
keys have different contents for each type of cellular phone 
and each type of memory card. Here the type of cellular 
phone and memory card is defined based on the manufac- 
turer thereof, the fabrication time (fabrication lot) and the 
like. Natural number x represents a number to discriminate 
the type of each memory card and content reproduction 
circuit (cellular phone). 

[0087] There are also public authentication keys KPma 
and KPmb used common to the entire distribution system. 
The following description is based on the initial two authen- 
tication keys used common to the entire distribution system. 
However, the system is generally operated with more than 
two authentication keys according to the operation duration 
of the distribution system, as will become apparent in the
following. 

[0088] Encryption keys KPmc(x) and KPp(x) specified for 
each memory card and content reproduction unit are 
recorded in respective memory cards and cellular phones at 
the time of shipment in the form of {KPmc(x)}KPmy and 
{KPp(x)}KPmy where (y=a, b) as certified public encryp- 
tion keys that can be authenticated. 
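
The dual-certificate arrangement of [0087]-[0088], and the advantage claimed for it in [0029], can be modelled as follows. This is an added example, not code from the patent: textbook RSA over small Mersenne primes stands in for the unspecified public-key scheme (insecure, for illustration only), and the class names, the `retire` method and the server policy of requiring a valid certificate under every active authentication key are assumptions.

```python
import hashlib

E = 65537  # public exponent (assumption; the page names no algorithm)


def make_authority(p, q):
    """Return (public modulus KPmy, private certificate exponent Kmy)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def certify(class_key, n, d):
    """Model of {KPmc(x)}KPmy: class_key signed with certificate key Kmy."""
    return pow(_digest(class_key, n), d, n)


def verify(class_key, sig, n):
    """Check authentication data using only the public key KPmy."""
    return pow(sig, E, n) == _digest(class_key, n)


class MemoryCard:
    def __init__(self, class_key, auth_data):
        self.class_key = class_key          # KPmc(x) as bytes (constructed)
        self._auth_data = dict(auth_data)   # hold units 1400.1 and 1400.2

    def provide_auth_data(self, key_id):
        """Switch SW2: output the hold unit selected by the external request."""
        return self.class_key, self._auth_data.get(key_id)


class DistributionServer:
    def __init__(self, public_keys):
        self.active = dict(public_keys)     # key id -> public modulus

    def retire(self, key_id):
        """Stop using an authentication key whose certificate key is broken."""
        self.active.pop(key_id, None)

    def authenticate(self, card):
        """Assumed policy: every active key must certify the same class key."""
        seen = None
        for key_id, n in self.active.items():
            class_key, sig = card.provide_auth_data(key_id)
            if sig is None or not verify(class_key, sig, n):
                return False
            if seen is not None and class_key != seen:
                return False
            seen = class_key
        return seen is not None


def run_scenario():
    # Two system-wide authorities; toy primes, NOT secure parameters.
    n_a, d_a = make_authority(2**61 - 1, 2**89 - 1)     # KPma / Kma
    n_b, d_b = make_authority(2**107 - 1, 2**127 - 1)   # KPmb / Kmb

    real_key = b"KPmc(1): constructed genuine class key"
    rogue_key = b"KPmc(9): constructed rogue class key"

    genuine = MemoryCard(real_key, {
        "KPma": certify(real_key, n_a, d_a),
        "KPmb": certify(real_key, n_b, d_b),
    })
    # Kma is assumed broken, so a valid KPma certificate exists for the
    # rogue key. Kmb is intact: the best the rogue card can present under
    # KPmb is a signature copied from a genuine card, which covers real_key.
    forged = MemoryCard(rogue_key, {
        "KPma": certify(rogue_key, n_a, d_a),
        "KPmb": genuine.provide_auth_data("KPmb")[1],
    })

    single = DistributionServer({"KPma": n_a})
    dual = DistributionServer({"KPma": n_a, "KPmb": n_b})
    result = {
        "genuine_dual": dual.authenticate(genuine),
        "forged_single_key_system": single.authenticate(forged),
        "forged_dual": dual.authenticate(forged),
    }
    dual.retire("KPma")  # operator withdraws the broken key
    result["genuine_after_retiring_KPma"] = dual.authenticate(genuine)
    result["forged_after_retiring_KPma"] = dual.authenticate(forged)
    return result


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```

A system with only KPma accepts the rogue card once Kma is broken, while the two-key system rejects it and keeps serving genuine cards after KPma is withdrawn.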

[0089] Information to control the operation of the appa- 
ratus constituting the system, i.e. cellular phone 100 which 
is a content reproduction circuit and memory card 110, 
includes purchase condition information AC transmitted 
from cellular phone 100 to distribution server 30 when a user 
purchases a content decryption key or the like for the 
purpose of specifying the purchase condition, access restric- 
tion information AC1 indicating restriction and the like as to 
the number of accesses to memory card 110, distributed 
from distribution server 30 towards memory card 110 loaded 
in cellular phone 100 according to purchase condition infor- 
mation AC corresponding to the intention of the content 
supplier and the content purchaser, and reproduction circuit 
restriction information AC2 indicating restriction as to the 
reproduction condition of the content reproduction circuit, 
transmitted from distribution server 30 to memory card 110 
loaded in cellular phone 100, and applied from memory card 
110 to the content reproduction circuit in cellular phone 100. 
The reproduction condition of the content reproduction 
circuit implies the condition, for example, of allowing 
reproduction of only the beginning of each content data for 
a predetermined time such as in the case where a sample is 
distributed at low price or freely to promote a new song. 

[0090] The keys to administer data processing in memory 
card 110 include a public encryption key KPm(i) (i: natural
number) specified for each recording apparatus correspond- 
ing to a memory card, and a private decryption key Km(i) 
unique to each memory card that can decrypt data encrypted 
with public encryption key KPm(i). Here, natural number i 
represents a number to discriminate each memory card. 

[0091] In the data distribution system of FIG. 1, keys used 
in data communication are set forth below. 

[0092] The encryption key to ensure security during data 
transfer with an external source to the memory card or 
between memory cards includes symmetric keys Ks1-Ks4
generated at server 30, the content reproduction circuit
(cellular phone 100 or 102), and memory card 110 or 112
every time content data distribution, reproduction or transfer 
is carried out. 

[0093] Here, symmetric keys Ks1-Ks4 are unique symmetric
keys generated for each "session" which is the access
unit or communication unit among the distribution server,
content reproduction circuit or memory card. In the following,
these symmetric keys Ks1-Ks4 are also called "session
keys".

[0094] These session keys Ks1-Ks4 have a unique value
for each communication session, and are under control of the
distribution server, content reproduction circuit and memory 
card. 

[0095] More specifically, a session key Ks1 is generated
for each distribution session by a license server in a distri- 
bution server. A session key Ks2 is generated for each 
distribution session and transfer (reception side) session of 
a memory card. Session key Ks3 is generated for each 
reproduction session and transfer (transmission side) session 
in a memory card. A session key Ks4 is generated for each 
reproduction session of the content reproduction circuit. The 
level of security can be improved in each session by trans- 
ferring the session keys and receiving a session key gener- 
ated by another apparatus to perform encryption using the 
session keys and transmitting the license decryption key. 

[0096] Data transferred between a distribution server and 
a cellular phone includes a content ID for the system to 
identify each content data, a license ID which is an admin- 
istration code to identify when and to whom the license was 
issued, and a transaction ID which is a code generated for 
each distribution session to identify each distribution ses- 
sion. 

Operation of System Authentication Key 

[0097] FIG. 3 shows the operation over time of secret 
certificate keys Kma and Kmb common to the system to 
carry out an encryption process to allow authentication by 
decrypting using public authentication keys KPma and 
KPmb common to the entire distribution system. Certificate 
key Kma and authentication key KPma, and also certificate 
key Kmb and authentication key KPmb respectively form a 
pair. 

[0098] As mentioned before, the number of certificate 
keys operated common to the entire distribution system is 
initially two. It is assumed that the keys provided from the 
start of the system are certificate keys Kma1 and Kmb1.
Corresponding to these two secret certificate keys, the
operation of public authentication keys KPma1 and KPmb1
in the system is also initiated. 

[0099] During a predetermined time T1 (for example two
years) from the start of the system operation, the system is 
operated based on these two pairs of certificate keys and 
authentication keys. 

[0100] At the elapse of time T1, secret certificate keys
Kma2 and Kmb2 as well as public authentication keys
KPma2 and KPmb2 common to the entire system are newly
added for operation of the system. In a similar manner, two
pairs of certificate keys and authentication keys are newly
added at the elapse of each period of time T1 for the
operation of the system. 



[0101] The two certificate keys applied at the same time
are inhibited from use in the system at the elapse of a
predetermined period of time T2 (for example 18 years).

[0102] By this operation, a predetermined number of sets 
(9 sets in the example of FIG. 3) of authentication keys, 
though not exclusively, will constantly be operated on the 
system at the elapse of period T2. 

[0103] The reason why such operation of authentication 
keys is employed will be described here. Memory card 110 will
constantly retain a plurality of public authentication keys 
and a plurality of certified public encryption keys encrypted 
with a plurality of secret certificate keys, and the content 
reproduction circuit (cellular phone 100) will retain a plu- 
rality of certified public keys. Each secret certificate key will 
be administered by a different administrator. Therefore, even 
if one secret certificate key is obtained by a third party 
breaking into the system through illegal means, receiving 
distribution or reproduction using a certified public encryp- 
tion key corresponding to an illegally obtained secret cer- 
tificate key can be prevented by the authentication process 
using a certified public encryption key encrypted with the 
remaining secret certificate keys. 

[0104] The number of authentication keys applied to the 
system at the same time is not limited to the aforementioned 
two, and more keys may be applied at the same time. 

[0105] For the sake of simplification, it is assumed that the 
following description corresponds to the case of a period of 
time T1 right after the operation has commenced. It is
assumed that two authentication keys KPma and KPmb are 
used in the system. The certified public encryption key is 
called authentication data hereinafter. 

Configuration of License Server 10 

[0106] FIG. 4 is a schematic block diagram showing a 
structure of license server 10 of FIG. 1. 

[0107] License server 10 includes an information database 
304 to store a license ID corresponding to the encrypted 
music data (content data) and distribution data such as a 
license decryption key to decrypt encrypted music data, an 
account database 302 to store accounting data according to 
the start of access to music data for each user, a data 
processing unit 310 receiving data through a data bus BS0 
from information database 304 and accounting database 302 
to apply a predetermined process, and a communication 
device 350 to transfer data between distribution carrier 20 
and data processing unit 310 via the communication net- 
work. 

[0108] Data processing unit 310 includes a distribution 
control unit 315 to control the operation of data processing 
unit 310 according to the data on data bus BS0, a session key 
generation unit 316 to generate a session key Ks1 in a
distribution session, under control of distribution control 
unit 315, a decryption processing unit 312 receiving through 
communication device 350 and data bus BS1 authentication 
data {KPmc(j)}KPmy (y=a, b) sent from a memory card 
through a cellular phone to apply a decryption process on 
authentication key KPmy (y=a, b), an encryption processing 
unit 318 encrypting session key Ks1 generated by session
key generation unit 316 using public encryption key
KPmc(j) obtained by decryption processing unit 312 to
provide the encrypted key to data bus BS1, and a decryption
processing unit 320 receiving through data bus BS1 data
encrypted with session key Ks1 and transmitted by each
user. 

[0109] Data processing unit 310 further includes an 
encryption processing unit 326 to encrypt license data output 
from distribution control unit 315 using a public encryption 
key KPm(i) unique to the memory card obtained from 
decryption processing unit 320, and an encryption process- 
ing unit 328 further encrypting the output of encryption 
processing unit 326 using a session key Ks2 applied from 
decryption processing unit 320 to provide the encrypted key 
onto data bus BS1. 

Configuration of Cellular Phone 100 

[0110] FIG. 5 is a schematic block diagram to describe a 
structure of a cellular phone 100 of FIG. 1. 

[0111] In cellular phone 100, the natural number x repre- 
senting the type (class) of the content reproduction circuit of 
cellular phone 100 is set to x=1.

[0112] Cellular phone 100 includes an antenna 1102 to 
receive a signal transmitted through radio by a cellular 
phone network, a transmitter/receiver unit 1104 converting 
the signal received from antenna 1102 into a base band 
signal, or modulating and providing to antenna 1102 the data 
from cellular phone 100, a data bus BS2 to transfer data 
between respective components of cellular phone 100, and 
a controller 1106 to control the operation of cellular phone 
100 via data bus BS2. 

[0113] Cellular phone 100 further includes a touch key 
unit 1108 to apply designation to cellular phone 100 from an 
external source, a display 1110 to apply the information 
output from controller 1106 or the like to the user as visual 
information, an audio reproduction unit 1112 reproducing 
audio based on reception data provided via data bus BS2 in 
a general conversation operation, a connector 1120 to trans- 
fer data with an external source, and an external interface 
unit 1122 providing the data from connector 1120 to data bus 
BS2 for conversion, or to convert the data from data bus BS2 
into a signal that can be applied to connector 1120. 

[0114] Cellular phone further includes a detachable 
memory card 110 storing encrypted music data (encrypted 
content data), and storing information used for a decryption 
process, a memory interface 1200 to control data transfer 
between memory card 110 and data bus BS2, an authenti- 
cation data hold unit 1500.1 storing a public encryption key 
KPp(1) set for each cellular phone class in an encrypted state
that can be decrypted using authentication key KPma, an
authentication data hold unit 1500.2 storing public encryption
key KPp(1) in an encrypted state that can be decrypted
using authentication key KPmb, and a switch circuit SW1 
selectively applying to bus BS2 the data from authentication 
data hold unit 1500.1 and authentication data hold unit 
1500.2 under control of controller 1106. 

[0115] As described before, since the number of authen- 
tication keys operated in the system increases over the 
period of time in the distribution system, an authentication 
data hold unit 1500.m (m: natural number) is to be added
accordingly. 

[0116] Cellular phone 100 further includes a Kp hold unit 
1502 storing Kp(1) which is a secret encryption key unique
to the cellular phone (content reproduction circuit), a
decryption processing unit 1504 decrypting data received
from data bus BS2 using private decryption key Kp(1), and
obtaining session key Ks3 generated by the memory card, a 
session key generation unit 1508 generating using a random 
number a session key Ks4 used to encrypt data transferred 
on data bus BS2 with memory card 110 in a session of 
reproducing content data stored in memory card 110, an 
encryption processing unit 1506 encrypting generated ses- 
sion key Ks4 using a session key Ks3 obtained by decryption 
processing unit 1504 for output onto data bus BS2, and a 
decryption processing unit 1510 decrypting the data on data 
bus BS2 using session key Ks4, and providing content 
decryption key Kc and reproduction circuit control infor- 
mation AC2. 

[0117] Cellular phone 100 further includes a decryption 
processing unit 1516 receiving encrypted content data 
{Data}Kc from data bus BS2 to decrypt the data using
content decryption key Kc obtained by decryption process- 
ing unit 1510 to output content data, a music reproduction 
unit 1518 to receive the output of decryption processing unit 
1516 to reproduce content data, a mixer unit 1525 receiving 
the outputs of music reproduction unit 1518 and audio 
reproduction unit 1112 to selectively provide an output 
according to the operation mode, and a connection terminal 
1530 receiving the output of mixer unit 1525 for connection 
to headphone 130. 

[0118] Here, reproduction circuit control information AC2 
output from decryption processing unit 1510 is applied to 
controller 1106 via data bus BS2. 

[0119] In FIG. 5, only the blocks associated with distri- 
bution and reproduction of music data among the blocks 
forming the cellular phone are illustrated for the sake of 
simplification. Blocks related to the general conversation 
function inherent to a cellular phone are left out. 

Configuration of Memory Card 110 

[0120] FIG. 6 is a schematic block diagram to describe a 
structure of memory card 110 of FIG. 5. 

[0121] As described before, public encryption key KPm(i) 
and a corresponding private decryption key Km(i) take 
unique values for each memory card. In memory card 110, 
it is assumed that the natural number is set to i=1. Also,
KPmc(x) and Kmc(x) are set as the public encryption key
and secret encryption key unique to the memory card type
(class). In memory card 110, it is assumed that natural
number x is represented as x=1.

[0122] Memory card 110 includes a data bus BS3 to 
transfer a signal with memory interface 1200 via a terminal 
1202, an authentication data hold unit 1400.1 to store 
{KPmc(1)}KPma as authentication data, an authentication
data hold unit 1400.2 storing {KPmc(1)}KPmb as authentication
data, a switch circuit SW2 selectively applying onto
data bus BS3 the outputs from authentication data hold unit
1400.1 and authentication data hold unit 1400.2 under
control of controller 1420, a Kmc hold unit 1402 storing a
decryption key Kmc(1) which is a decryption key set unique
to each memory card type, a Km(1) hold unit 1421 storing
private decryption key Km(1) set unique to each memory
card, and a KPm(1) hold unit 1416 to store public encryption
key KPm(1) to carry out encryption that can be decrypted
using private decryption key Km(1).

[0123] Here, authentication data hold unit 1400.1 stores
public encryption key KPmc(1) set for each memory card
class in an encrypted state that can be authenticated by
decryption using authentication key KPma. Authentication
data hold unit 1400.2 stores public encryption key KPmc(1)
in an encrypted state that can be authenticated by
decryption using authentication key KPmb. When the number
of authentication keys increases according to the operation
duration of the system, an authentication data hold unit
1400.m (m: natural number, m>2) is
additionally provided accordingly.

[0124] Memory card 110 further includes a decryption 
processing unit 1404 receiving data applied from memory 
interface 1200 to data bus BS3, and receiving a private 
decryption key Kmc(1) from Kmc(1) hold unit 1402 unique
to each memory card type, and providing to contact Pa a
session key Ks1 generated by distribution server 30 in a
distribution session or a session key Ks3 generated in a 
transfer session by another memory card, authentication key 
hold units 1444.1 and 1444.2 to store authentication keys 
KPma and KPmb, respectively, a switch circuit 1448 receiv- 
ing authentication key KPma from authentication key hold 
unit 1444.1 and authentication key KPmb from authentica- 
tion key hold unit 1444.2 to selectively output the received 
key according to control of controller 1420, a decryption 
processing unit 1408 receiving the output of switch circuit 
1448 to execute a decryption process using authentication 
data KPma or KPmb from the data applied onto data bus 
BS3 and providing the decrypted result to controller 1420 
and encryption processing unit 1410 via data bus BS4, and 
an encryption processing unit 1406 encrypting data selec- 
tively applied from switch 1444 using a key selectively 
applied by switch 1442, and providing the encrypted data 
onto data bus BS3. 

[0125] When the number of authentication keys increases 
according to the operation period of the system, an authentication
key hold unit 1400.m (m: natural number, m>2) is
additionally provided accordingly. 

[0126] Memory card 110 further includes a session key 
generation unit 1418 generating a session key Ks2 or Ks3 at 
each distribution, reproduction and transfer session, an 
encryption processing unit 1410 encrypting session key Ks3 
output from session key generation unit 1418 using public 
encryption key KPp(x) or KPmc(x) obtained by encryption 
processing unit 1408 to output the encrypted key to data bus 
BS3, and a decryption processing unit 1412 receiving data 
encrypted by session key Ks2 or Ks3 from data bus BS3 to 
apply a decryption process using session key Ks2 or Ks3 
obtained by session key generation unit 1418, and providing 
the decrypted result onto data bus BS4. 

[0127] Memory card 110 further includes an encryption 
processing unit 1424 encrypting the data on data bus BS4 
using a public encryption key KPm(i) (i≠1) unique to
another memory card, a decryption processing unit 1422 to
decrypt the data on data bus BS4 using a private decryption
key Km(1) unique to memory card 110 that is the companion
to public encryption key KPm(1), and a memory 1415
receiving and storing from data bus BS4 reproduction information
encrypted with public encryption key KPm(1) (content
decryption key Kc, content ID, license ID, access control
information AC1, reproduction circuit control information
AC2), as well as receiving and storing via data bus BS3
encrypted content data {Data}Kc and additional data Data-inf.
Although not limited, memory 1415 is formed of a
semiconductor memory such as a flash memory. 

[0128] Memory card 110 further includes a license hold 
unit 1440 storing license ID, content ID and access restric- 
tion information AC1 obtained by decryption processing 
unit 1422, and a controller 1420 transferring data with an 
external source via data bus BS3 to receive reproduction 
information and the like from data bus BS4 to control the 
operation of memory card 110. 

[0129] License hold unit 1440 can send/receive the license ID
data, content ID data and access restriction
information AC1 to/from data bus BS4. License hold unit
1440 includes N (N: natural number) banks. A portion of the 
reproduction information corresponding to each license is 
stored for each bank. 

[0130] License hold unit 1440 is recorded with informa- 
tion related to inhibiting usage of an authentication key 
transmitted through a distribution server, if necessary. 

[0131] It is assumed that the region enclosed by a dotted 
line in FIG. 6 is incorporated in a module TRM to disable 
readout of data and the like in the circuit located in that 
region by a third party by erasing the internal data or 
destroying the internal circuitry when an improper open 
process is conducted from an external source. Such a module 
is generally a tamper resistant module. 

[0132] A structure may be implemented in which memory 
1415 is also incorporated in module TRM. However, since the
data stored in memory 1415 is completely encrypted accord- 
ing to the structure shown in FIG. 6, a third party will not 
be able to reproduce the music with just the data in memory 
1415. Furthermore, it is not necessary to provide memory 
1415 in the expensive tamper resistance module. Thus, there 
is the advantage that the fabrication cost is reduced. 

[0133] Alternatively, the entire reproduction information 
may be stored in license hold unit 1440. In this case, the 
reproduction information encrypted with public key KPm(1)
does not have to be recorded in memory 1415. 

Distribution Operation 

[0134] The operation in each session of the data distribu- 
tion system according to the first embodiment of the present 
invention will be described in detail hereinafter with refer- 
ence to the flow charts. 

[0135] FIGS. 7, 8 and 9 are the first, second and third flow 
charts, respectively, to describe a distribution operation in 
the event of purchasing content according to the data dis- 
tribution system of the first embodiment (also called "dis- 
tribution session" hereinafter). 

[0136] FIGS. 7, 8 and 9 correspond to the operation of 
user 1 receiving content data distribution from distribution 
server 30 via cellular phone 100 using memory card 110. 

[0137] First, a distribution request is issued from cellular 
phone 100 of user 1 through the operation of the key buttons 
on touch key unit 1108 by user 1 (step S100). 

[0138] At memory card 110, determination is made 
whether usage inhibition for authentication key KPma is 
recorded in license hold unit 1440 in response to this 
distribution request (step S101). When usage inhibition for
authentication key KPma is not specified, control proceeds
to step S102. When usage inhibition is specified, control 
proceeds to step S118. 

[0139] When usage inhibition of authentication key KPma 
is not specified, authentication data {KPmc(1)}KPma is
output from authentication data hold unit 1400.1 (step 
S102). In the case where there is no record in memory card 
110 that authentication key KPma has been broken by a third 
party from the start of the system operation, usage of 
authentication key KPma is not inhibited. This processing 
path is selected. 

[0140] Cellular phone 100 transmits to distribution server 
30 the content ID to specify the content data to be distributed 
and data AC of the license purchase condition in addition to 
authentication data {KPmc(1)}KPma from memory card 110
(step S104). 

[0141] Distribution server 30 receives the content ID, 
authentication data {KPmc(1)}KPma, license purchase condition
data AC from cellular phone 100 (step S106). Decryption
processing unit 312 executes a decryption process using
authentication key KPma. Accordingly, distribution server
30 receives public encryption key KPmc(1) of memory card
110 (step S108).

[0142] Distribution control unit 315 conducts authentica- 
tion by authentication server 12 based on the received secret 
encryption key KPmc(1) and authentication data KPma (step
S110). When determination is made that public encryption
key KPmc(1) encrypted with authentication key KPma is
properly registered and the authentication result based on 
authentication key KPma is valid as a result of proper 
encryption (step S110), control proceeds to step S132. 

[0143] When public encryption key KPmc(1) encrypted
using authentication key KPma is unauthorized and not 
subjected to proper encryption (step S110), the process ends 
based on the determination that the authentication result is 
invalid (step S190). 

[0144] When determination is made that authentication 
key KPma has already been broken by a third party and is 
invalid as a result of authentication by authentication server 
12 (step S110), distribution server 30 outputs "authentica- 
tion key KPma usage inhibit notification" (step S112). In 
response to cellular phone 100 receiving the authentication 
key KPma usage inhibit notification (step S114), authenti- 
cation key KPma usage inhibition is recorded in license hold 
unit 1440 of memory card 110 (step S116). 

[0145] Then, authentication data {KPmc(1)}KPmb is output
from authentication data hold unit 1400.2 (step S118).

[0146] Cellular phone 100 transmits to distribution server 
30 the content ID to specify the content to receive distribu- 
tion, and license purchase condition data AC in addition to 
authentication data {KPmc(1)}KPmb received from
memory card 110 (step S120). 

[0147] Distribution server 30 receives the content ID, 
authentication data {KPmc(1)}KPmb and license purchase
condition data AC from cellular phone 100 (step S122).
Decryption processing unit 312 executes a decryption process
with authentication data KPma. Accordingly, distribution
server 30 accepts public encryption key KPmc(1) of
memory card 110 (step S124). 



[0148] Distribution control unit 315 conducts authentica- 
tion through authentication server 12 based on the accepted 
secret encryption key KPmc(1) and authentication key
KPmb (step S126). In the case public encryption key
KPmc(1) encrypted using authentication key KPmb is properly
registered and determination is made that the authentication
result using authentication key KPmb is valid as a
result of proper encryption (step S110), control proceeds to 
step S132. 

[0149] When public encryption key KPmc(1) encrypted
using authentication key KPmb is not properly registered so 
that proper encryption is not effected, or when authentication 
key KPmb has already been broken by a third party and 
rendered invalid (step S126), the process ends based on the 
determination that the authentication result is invalid (step 
S190). 

[0150] In verifying authenticity of public encryption key 
KPmc(1) in the decryption process by authentication key
KPma, a certificate encrypted so as to be able to be
decrypted using authentication key KPma or KPmb may be
transmitted to distribution server 30 accompanying each
public encryption key KPmc(1).

[0151] When authenticity of memory card 110 is verified 
as a result of the above authentication, distribution control 
unit 315 generates a transaction ID to identify the distribu- 
tion session (step S132). 
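
The key-selection and fallback logic of steps S100 to S132, as an added example that is not part of the patent text. It generalizes the two hold units to any number of slots; the patent names no signature algorithm, so toy textbook RSA over small Mersenne primes stands in for certificate keys Kma/Kmb, and all class and function names are assumptions.

```python
import hashlib

E = 65537  # public exponent for the toy RSA stand-in (assumption, not from the patent)


def make_pair(p, q):
    """Return (secret certificate key, public authentication key)."""
    n = p * q
    return (pow(E, -1, (p - 1) * (q - 1)), n), (E, n)


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def certify(cert_key, kpmc):
    """Produce authentication data for class key kpmc (done at shipment)."""
    d, n = cert_key
    return pow(digest(kpmc, n), d, n)


def verify(auth_key, kpmc, auth_data):
    e, n = auth_key
    return pow(auth_data, e, n) == digest(kpmc, n)


# Constructed key pairs built from known Mersenne primes; far too small for real use.
KMA, KPMA = make_pair(2**61 - 1, 2**89 - 1)
KMB, KPMB = make_pair(2**107 - 1, 2**127 - 1)


class MemoryCard:
    def __init__(self, kpmc, auth_data):
        self.kpmc = kpmc
        self.auth_data = dict(auth_data)  # hold units 1400.1, 1400.2, ... keyed by y
        self.inhibited = set()            # usage-inhibit records in license hold unit 1440

    def select(self):
        """Switch SW2: output the first slot whose key is not inhibited (S101, S102, S118)."""
        for y in sorted(self.auth_data):
            if y not in self.inhibited:
                return y, self.auth_data[y]
        return None


class DistributionServer:
    def __init__(self, auth_keys, broken=()):
        self.auth_keys = auth_keys
        self.broken = set(broken)  # keys the authentication server knows are compromised

    def authenticate(self, y, kpmc, auth_data):
        if y in self.broken:
            return "inhibit"  # S112: usage inhibit notification
        return "valid" if verify(self.auth_keys[y], kpmc, auth_data) else "invalid"


def distribution_request(card, server):
    """Run S100 to S132 and return (outcome, trace of (key, result))."""
    trace = []
    while True:
        slot = card.select()
        if slot is None:
            return "end", trace
        y, auth_data = slot
        result = server.authenticate(y, card.kpmc, auth_data)
        trace.append((y, result))
        if result == "inhibit":
            card.inhibited.add(y)  # S116: record the inhibition on the card
            continue
        return ("session" if result == "valid" else "end"), trace


def genuine_card():
    kpmc = b"KPmc(1) constructed class key"
    return MemoryCard(kpmc, {"a": certify(KMA, kpmc), "b": certify(KMB, kpmc)})


def forged_card():
    """Card certified by a party holding only Kma: slot b cannot be certified."""
    kpmc = b"forged class key (constructed)"
    return MemoryCard(kpmc, {"a": certify(KMA, kpmc), "b": 12345})
```

Once the server lists KPma as broken, a genuine card falls back to its KPmb slot and keeps working, while a card certified only under the leaked Kma is rejected.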

[0152] Referring to FIG. 8, session key generation unit 
316 generates a session key Ks1 for distribution. Session key
Ks1 is encrypted by encryption processing unit 318 using
public encryption key KPmc(1) corresponding to memory
card 110 obtained by decryption processing unit 312 (step 
S134). 

[0153] The transaction ID and encrypted session key 
{Ks1}Kmc(1) are output via data bus BS1 and communication
device 350 (step S136).

[0154] In response to cellular phone 100 receiving the 
transaction ID and encrypted session key {Ks1}Kmc(1)
(step S138), the encrypted session key {Ks1}Kmc(1) is
input to memory card 110. At memory card 110, decryption 
processing unit 1404 decrypts the reception data applied 
onto data bus BS3 via memory interface 1200 using a private 
decryption key Kmc(1) unique to the class of memory card
110 stored in storage unit 1402, whereby session key Ks1 is
decrypted and extracted (step S140). 

[0155] In response to reception of session key Ks1 generated
by distribution server 30, controller 1420 designates
session key generation unit 1418 to generate a session key 
Ks2 during a distribution session of memory card 110. 

[0156] Encryption processing unit 1406 uses session key 
Ks1 applied from decryption processing unit 1404 via
contact Pa of switch 1422 to encrypt session key Ks2 and
public encryption key KPm(1) unique to each memory card
applied via contacts Ke and Kf, respectively, by switching
the contact of switch 1446 to output {Ks2//KPm(1)}Ks1 to
data bus BS3 (step S142). 

[0157] Data {Ks2//KPm(1)}Ks1 output onto data bus BS3
is transmitted from data bus BS3 to cellular phone 100 via 
terminal 1202 and memory interface 1200 (step S142). 
Cellular phone 100 adds the transaction ID, and transmits 
the data and a transaction ID to distribution server 30 (step 
S144).

[0158] The expression of {X//Y}Z implies encrypted data
X and Y that can be decrypted using key Z. 

[0159] Distribution server 30 receives a transaction ID and 
encrypted data {Ks2//KPm(1)}Ks1. At decryption processing
unit 320, a decryption process is executed using session
key Ks1. Session key Ks2 generated at the memory card and
public encryption key KPm(1) unique to memory card 110
are accepted (step S146). 

[0160] Distribution control unit 315 generates a license 
ID, access restriction information AC1 and reproduction 
circuit control information AC2 according to the content ID 
and license purchase condition data AC obtained at step 
S106 (step S150). Also, content decryption key Kc to 
decrypt the encrypted content data is obtained from infor- 
mation database 304 (step S152). 

[0161] Distribution control unit 315 has content decryp- 
tion key Kc, reproduction circuit control information AC2, 
the license ID, content ID and access restriction information 
AC1 encrypted by encryption processing unit 326 using 
public encryption key KPm(1) unique to memory card 110
obtained by decryption processing unit 320 (step S156). 

[0162] Encryption processing unit 328 receives the output 
of encryption processing unit 326 to encrypt the output using 
session key Ks2 generated at memory card 110. A transaction
ID is attached to encrypted data {{Kc//AC2//license
ID//content ID//AC1}Km(1)}Ks2 output from encryption
processing unit 328, and transmitted to cellular phone 100 
via data bus BS1 and communication device 350 (step 
S158). 

[0163] By transferring respective session keys generated 
at distribution server 30 and memory card 110 to each other 
to execute encryption using respective received encryption 
keys and transmitting the encrypted data to the other party, 
authentication of each other can be virtually conducted in 
the transmission/reception of respective encrypted data. 
Thus, security of the data distribution system can be 
improved. 

[0164] Cellular phone receives the transmitted transaction 
ID and encrypted data {{Kc//AC2//license ID//content
ID//AC1}Km(1)}Ks2 (step S160). The received encrypted data
is applied to memory card 110. At memory card 110, the 
encrypted data applied onto data bus BS3 via memory 
interface 1200 is decrypted by decryption processing unit 
1412. Specifically, decryption processing unit 1412 uses 
session key Ks2 applied from session key generation unit 
1418 to decrypt the reception data on data bus BS3, and 
provides the decrypted data onto data bus BS4 (step S164).

[0165] Referring to FIG. 9, data {Kc//AC2//license
ID//content ID//AC1}Km(1) output on data bus BS4 is recorded
in memory 1415 outside the TRM region (step S166). 

[0166] Data {Kc//AC2//license ID//content ID//AC1}Km(1)
output to data bus BS4 and that can be
decrypted using private decryption key Km(1) stored in
Km(1) hold unit 1421 is decrypted by decryption processing
unit 1422 using private decryption key Km(1) in response to
designation by controller 1420. Content decryption key Kc,
reproduction circuit control information AC2, the license ID,
content ID and access restriction information AC1 are
accepted (step S168).



[0167] The license ID, content ID and access restriction 
information AC1 are recorded in bank j that is the j-th empty 
bank in license hold unit 1440 (step S172). Here, natural 
number j is the number corresponding to the content data, 
where 1 ≤ j ≤ N (N: total number of banks).
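
The session-key exchange of steps S134 to S172, sketched as an added example that is not part of the patent text. The patent specifies no ciphers, so toy textbook RSA and a SHA-256 XOR keystream stand in for the public-key and session-key encryption; class names, method names and the license values are assumptions.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent of the toy RSA stand-in (assumption)


def keypair(p, q):
    """Toy textbook RSA from two known primes: returns (public, private)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


def sym(key, data):
    """Toy session cipher: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def pk_enc(pub, data):
    """{data}KP: RSA-wrap a fresh 16-byte key, then encrypt data under it."""
    e, n = pub
    k = secrets.token_bytes(16)
    return pow(int.from_bytes(k, "big"), e, n).to_bytes(64, "big") + sym(k, data)


def pk_dec(priv, blob):
    d, n = priv
    k = pow(int.from_bytes(blob[:64], "big"), d, n).to_bytes(16, "big")
    return sym(k, blob[64:])


class Card:
    def __init__(self):
        self.kpmc, self.kmc = keypair(2**61 - 1, 2**89 - 1)   # class pair KPmc(1)/Kmc(1)
        self.kpm, self.km = keypair(2**107 - 1, 2**127 - 1)   # card pair KPm(1)/Km(1)
        self.memory = None  # memory 1415, outside the TRM
        self.bank = None    # license hold unit 1440

    def open_session(self, enc_ks1):
        """S140, S142: recover Ks1, generate Ks2, return {Ks2//KPm(1)}Ks1."""
        ks1 = pk_dec(self.kmc, enc_ks1)
        self.ks2 = secrets.token_bytes(16)
        return sym(ks1, self.ks2 + self.kpm[1].to_bytes(64, "big"))

    def store_license(self, blob):
        """S164 to S172: strip the Ks2 layer, keep {..}Km(1), fill the bank."""
        inner = sym(self.ks2, blob)
        try:
            lic = json.loads(pk_dec(self.km, inner))
            bank = {k: lic[k] for k in ("license_id", "content_id", "AC1")}
        except (OverflowError, ValueError, TypeError, KeyError):
            return False  # not encrypted for this session and this card
        self.memory, self.bank = inner, bank
        return True


class Server:
    def start(self, kpmc):
        """S134: generate Ks1 and return {Ks1}Kmc(1)."""
        self.ks1 = secrets.token_bytes(16)
        return pk_enc(kpmc, self.ks1)

    def issue(self, reply, lic):
        """S146 to S158: recover Ks2 and KPm(1), return {{license}Km(1)}Ks2."""
        plain = sym(self.ks1, reply)
        ks2, kpm = plain[:16], (E, int.from_bytes(plain[16:], "big"))
        return sym(ks2, pk_enc(kpm, json.dumps(lic).encode()))


# Constructed license contents.
LICENSE = {"Kc": "00" * 16, "AC2": "full", "license_id": "L-0001",
           "content_id": "C-0001", "AC1": {"plays": 3}}


def distribute(card, server):
    """Run one distribution session; return the S158 message and the card's verdict."""
    blob = server.issue(card.open_session(server.start(card.kpmc)), LICENSE)
    return blob, card.store_license(blob)
```

Because the outer layer is keyed with the Ks2 the card generated for this session, a recorded S158 message replayed into a later session fails to decrypt and leaves the bank unchanged.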

[0168] When the process up to step S152 ends properly, 
designation of whether to obtain distribution of reproduction 
information such as the content decryption key as well as 
encrypted content data, or only the reproduction information 
such as the content decryption key, is issued from user 1 to 
cellular phone 100 (step S174).

[0169] In the case where distribution of both reproduction 
information and content data is desired, a content data 
distribution request and a transaction ID are transmitted 
from cellular phone 100 to distribution server 30 (step 
S176). When the distribution of only license information 
such as the content decryption key is desired, control pro- 
ceeds to step S184. 

[0170] Upon receiving a content data distribution request, 
distribution server 30 obtains encrypted content data 
{Data}Kc and additional data Data-inf from information
database 304. A transaction ID is attached to the same, and 
output via data bus BS1 and communication device 350 
(step S178). 

[0171] Cellular phone 100 receives {Data}Kc//Data-inf//
transaction ID, and accepts encrypted content data
{Data}Kc and additional data Data-inf (step S180).
Encrypted content data {Data}Kc and additional data Data-
inf are transmitted to data bus BS3 of memory card 110 via
memory interface 1200 and terminal 1202. At memory card
110, the received encrypted content data {Data}Kc and
additional data Data-inf are directly stored in memory 1415
(step S182).

[0172] A transaction ID distribution reception notification 
is issued from cellular phone 100 to distribution server 30 
(step S184). Upon receiving the transaction ID distribution 
reception at distribution server 30 (step S186), the distribu- 
tion end process is executed with storage of the accounting 
data into account database 302 (step S188), and the entire 
process ends (step S190). 

[0173] By virtue of the above-described process, content
data can be distributed only when authenticity of public
encryption key KPmc(1) transmitted by memory card 110 of
cellular phone 100 in response to a distribution request is 
verified. Distribution to an improper apparatus can be inhib- 
ited. Thus, security of distribution is improved. 

[0174] A transaction ID is assigned to a series of trans- 
mission/reception, and used to identify the communication 
in the same distribution. Although not particularly described, 
the process will end when correspondence of the transaction 
ID is not established. 

Reproduction Operation 

[0175] The operation of reproducing music from the 
encrypted content data stored in memory card 110 to output 
the music through cellular phone 100 (also called "repro- 
duction session" hereinafter) will be described. 

[0176] FIG. 10 is a flow chart to describe the operation of 
each component in a reproduction session. 

[0177] Referring to FIG. 10, a reproduction request is
issued by designation of user 1 through touch key unit 1108 
or the like of cellular phone 100 (step S200). 

[0178] In response to the generation of a reproduction 
request, cellular phone 100 outputs onto data bus BS2 
authentication data {KPp(1)}KPma that can be decrypted
using authentication key KPma from authentication data 
hold unit 1500.1 (step S202). 

[0179] Authentication data {KPp(1)}KPma is transmitted
to memory card 110 via data bus BS2 and memory interface 
1200. 

[0180] At memory card 110, authentication data 
{KPp(1)}KPma transmitted onto data bus BS3 via terminal
1202 is fetched by decryption processing unit 1408. Decryp- 
tion processing unit 1408 receives authentication key KPma 
from authentication key hold unit 1414.1 to decrypt the data 
on data bus BS3. The decrypted public secret key KPp(1) is
accepted (step S204). 

[0181] When public encryption key KPp(1) encrypted
using authentication key KPma is properly registered, and 
subjected to proper encryption, i.e., when decryption using 
authentication key KPma is allowed and associated data 
generated at the time of decryption can be confirmed, and 
when the authentication key is not recorded as inhibited of 
usage in license hold unit 1440 (step S206), the process 
proceeds to step S214 on the assumption that the authenti- 
cation result through authentication key KPma has been 
verified. 

[0182] When decryption is disallowed, or when associated 
data generated during decryption cannot be confirmed or the 
authentication key is inhibited of usage (step S206), deter- 
mination is made that the authentication result through 
authentication key KPma is not verified, and the result is 
issued to cellular phone 100. 

[0183] When the authentication result through authentica- 
tion key KPma is not verified, cellular phone 100 has 
authentication data {KPp(1)}KPmb that can be decrypted
using authentication key KPmb output from authentication 
key hold unit 1500.2 to data bus BS2 (step S208). 

[0184] Encryption data {KPp(1)}KPmb for authentication
is transmitted to memory card 110 via data bus BS2 and 
memory interface 1200. 

[0185] At memory card 110, authentication data 
{KPp(1)}KPmb transmitted onto data bus BS3 via terminal
1202 is fetched by decryption processing unit 1408. Decryp- 
tion processing unit 1408 receives authentication key KPmb 
from authentication key hold unit 1414.2 to decrypt the data 
on data bus BS3. Then, the decrypted public encryption key 
KPp(1) is accepted (step S210).

[0186] When public encryption key KPp(1) encrypted
using authentication key KPmb is properly registered, and 
subjected to proper encryption, i.e., when decryption using 
authentication key KPmb is allowed and the associated data 
generated during decryption can be confirmed, and when the 
authentication key is not recorded in license hold unit 1440 
as inhibited of usage (step S212), determination is made that 
the authentication result through authentication key KPmb is 
verified, and control proceeds to step S214. 

[0187] When decryption is disallowed, or when the asso-
ciated data generated during decryption cannot be confirmed
or the authentication key is inhibited of usage (step S212),
determination is made that the authentication result through
authentication key KPmb is not verified, and the process
ends (step S240).
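
The two-stage check of steps S202 to S212 can be modelled as follows. This is an added example, not code from the patent: textbook RSA with message recovery over small constructed moduli stands in for the unspecified scheme behind {KPp(1)}KPma and {KPp(1)}KPmb, and the key sizes, the 6-byte check tag (the "associated data") and all function and class names are assumptions.

```python
import hashlib

E = 65537     # public exponent shared by both constructed authentication keys
TAG_LEN = 6   # assumed length of the "associated data" confirmed after decryption


def make_auth_key(p, q):
    """Return (n, d): n stands in for KPma/KPmb, d is the issuer's private exponent."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))


# Constructed toy keys built from Mersenne primes; far too small for real use.
KPMA, KMA_PRIV = make_auth_key(2**61 - 1, 2**89 - 1)
KPMB, KMB_PRIV = make_auth_key(2**107 - 1, 2**127 - 1)


def check_tag(body):
    return hashlib.sha256(body).digest()[:TAG_LEN]


def issue_auth_data(device_key, n, d):
    """Issuer side: build {KPp}KPmx, recoverable with the public key alone."""
    body = b"\x01" + device_key          # leading 0x01 survives the int round trip
    m = int.from_bytes(body + check_tag(body), "big")
    if m >= n:
        raise ValueError("device key too long for this toy modulus")
    return pow(m, d, n)


def recover_key(auth_data, n):
    """Card side: decrypt with the authentication key, then confirm the tag."""
    if not 0 < auth_data < n:
        return None
    m = pow(auth_data, E, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(raw) <= TAG_LEN + 1 or raw[0] != 1:
        return None
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    return body[1:] if check_tag(body) == tag else None


class Card:
    """Models decryption processing unit 1408 plus the usage-inhibit record."""

    def __init__(self):
        self.auth_keys = [("KPma", KPMA), ("KPmb", KPMB)]  # tried in this order
        self.inhibited = set()   # authentication keys recorded as inhibited of usage

    def authenticate(self, phone_auth_data):
        """phone_auth_data maps key name -> authentication data held by the phone.
        Returns (KPp, key name used), or (None, None) when the session ends (S240)."""
        for name, n in self.auth_keys:
            data = phone_auth_data.get(name)
            if data is None or name in self.inhibited:
                continue                  # not verified; the phone offers the next one
            key = recover_key(data, n)
            if key is not None:
                return key, name          # verified; control proceeds to S214
        return None, None


KPP1 = b"KPp(1)-x"  # constructed placeholder for the phone's public key bytes
PHONE = {"KPma": issue_auth_data(KPP1, KPMA, KMA_PRIV),
         "KPmb": issue_auth_data(KPP1, KPMB, KMB_PRIV)}

if __name__ == "__main__":
    card = Card()
    print(card.authenticate(PHONE))       # verified through KPma
    card.inhibited.add("KPma")
    print(card.authenticate(PHONE))       # falls back to KPmb
```

Inhibiting KPma on the card moves a phone that holds both authentication data onto KPmb without reissuing anything, while a phone that holds only KPma data is refused.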

[0188] When controller 1420 receives public encryption 
key KPp(1) unique to the content reproduction circuit of
cellular phone 100 at decryption processing unit 1408 and 
authenticity of the content reproduction circuit of cellular 
phone 100 is verified as a result of authentication, determi- 
nation is made that the transmitted public encryption key 
KPp(1) is the public encryption key assigned to the autho-
rized content reproduction circuit for the data distribution
system. Session key generation unit 1418 is instructed to 
generate session key Ks3 of the reproduction session via 
data bus BS4. Session key Ks3 generated by session key 
generation unit 1418 is transmitted to encryption processing 
unit 1410. Encryption processing unit 1410 encrypts session 
key Ks3 using public encryption key KPp(1) of cellular
phone 100 obtained by decryption processing unit 1408.
Encrypted data {Ks3}Kp(1) is output onto data bus BS3
(step S214). 

[0189] Cellular phone 100 receives encrypted data 
{Ks3}Kp(1) on data bus BS via terminal 102 and memory
interface 1200. Encrypted data {Ks3}Kp(1) is decrypted by
decryption processing unit 1504. Session key Ks3 generated 
at memory card 110 is accepted (step S216). 

[0190] In response to acceptance of session key Ks3, 
controller 1106 instructs session key generation unit 1508 to 
generate session key Ks4 generated at cellular phone 100 in 
the reproduction session. The generated session key Ks4 is 
transmitted to encryption processing unit 1506. Data 
{Ks4}Ks3 encrypted using session key Ks3 obtained by 
decryption processing unit 1504 is output to data bus BS2 
(step S218). 

[0191] Encrypted session key {Ks4}Ks3 is transmitted to 
memory card 110 via memory interface 1200. At memory 
card 110, encrypted {Ks4}Ks3 transmitted to data bus BS3 
is decrypted by decryption processing unit 1412. Session
key Ks4 generated by cellular phone 100 is accepted (step 
S220). 

[0192] In response to acceptance of session key Ks4, 
controller 1420 confirms access restriction information AC1 
with the corresponding content ID in license hold unit 1440 
(step S222). 

[0193] By confirming access restriction information AC1 
that relates to restriction on memory access at step S222, the 
reproduction session ends when in a reproduction disable 
state (step S240). In the case reproduction is allowed but the 
number of times of reproduction is restricted, the data of 
access restriction information AC1 is updated and the repro- 
ducible number of times is updated. Then, control proceeds 
to step S226 (step S224). When the number of times of 
reproduction is not restricted by access restriction informa- 
tion AC1, control skips step S224 and proceeds to step S226 
without access control information AC1 being updated. 

[0194] Determination is made of a reproduction disable 
state in the case where the relevant content ID corresponding 
to the requested song is not present in license hold unit 1440, 
and the reproduction session ends (step S240). 

[0195] When determination is made that reproduction is 
allowed in the current reproduction session at step S222, a 
decryption process is executed to obtain the content decryp-
tion key Kc of the requested song and reproduction circuit
control information AC2 stored in the memory. Specifically, 
in response to a command from controller 1420, encrypted 
data {Kc//AC2//license ID//content ID//AC1}Km(1) read
out from memory 1415 to data bus BS4 is decrypted by
decryption processing unit 1422 using secret key Km(1).
Accordingly, content decryption key Kc and reproduction 
circuit control information AC2 are obtained (step S226). 

[0196] The obtained content reproduction key Kc and 
reproduction circuit control information AC2 are applied to 
encryption processing unit 1406 via contact Pd of switch 
1444. Encryption processing unit 1406 encrypts data Kc and 
AC2 received from data bus BS4 using session key Ks4 
received from decryption processing unit 1412 via contact 
Pb of switch 1442. Data {Kc//AC2}Ks4 is output onto data 
bus BS3 (step S228). 

[0197] The encrypted data output on data bus BS3 is 
transmitted to cellular phone 100 via memory interface 
1200. 

[0198] At cellular phone 100, encrypted data {Kc// 
AC2}Ks4 transmitted onto data bus BS2 via memory inter- 
face 1200 is decrypted by decryption processing unit 1510 
using session key Ks4, whereby content decryption key Kc 
and reproduction circuit control information AC2 are 
accepted (step S230). Decryption processing unit 1510 
transmits content decryption key Kc to decryption process- 
ing unit 1516. Reproduction circuit control information AC2 
is output onto data bus BS2. 

[0199] Controller 1106 accepts reproduction circuit con- 
trol information AC2 to confirm whether reproduction is 
allowed or not via data bus BS2 (step S232). 

[0200] When determination is made that reproduction is 
not allowed through reproduction circuit control information 
AC2 at step S232, the reproduction session ends (step S240). 

[0201] When reproduction is allowed, encrypted content 
data {Data}Kc of the requested song stored in the memory
is output onto data bus BS3 by memory card 110, and 
transmitted to cellular phone 100 via memory interface 1200 
(step S234). 

[0202] At cellular phone 100, encrypted content data 
{Data}Kc transmitted onto data bus BS2 from memory card
210 is decrypted by decryption processing unit 1516 using 
content decryption key Kc, whereby content data in plain- 
text can be obtained (step S236). The decrypted content data 
Data of plaintext is reproduced into music by music repro- 
duction unit 1518, and output via mixer unit 1525 and 
terminal 1530. Thus, the process ends (step S240). 

[0203] In the reproduction session, respective encryption 
keys are output from cellular phone 100 and memory card 
110 to execute encryption with each other using the received 
encryption key, and the encrypted data is transmitted to the 
other party. As a result, authentication can be conducted with 
each other in respective transmission and reception of data 
in the reproduction session, as in the distribution session. 
Thus, security of the data distribution system can be 
improved. 



Transfer Operation

[0204] The process of transferring content data between 
two memory cards will be described hereinafter. 

[0205] FIGS. 11, 12 and 13 are the first, second and third 
flow charts, respectively, to describe the process of trans- 
ferring content data and reproduction information between 
two memory cards 110 and 112 via cellular phones 100 and 
102. 

[0206] In FIGS. 11-13, the natural number x to identify the 
types of cellular phone 100 and memory card 110 is set to 
x=1, and the natural number x to identify the types of
cellular phone 102 and memory card 112 is set to x=2. The 
natural number i to identify memory card 110 and memory 
card 112 are set to i=1 and i=2, respectively.

[0207] It is assumed that, in FIGS. 11-13, cellular phone 
100 and memory card 110 correspond to the transmission 
side whereas cellular phone 102 and memory card 112 
correspond to the reception side. It is assumed that a 
memory card 112 having a structure similar to that of 
memory card 110 is loaded in cellular phone 102. Compo- 
nents in memory card 112 corresponding to those of memory 
card 110 have the same reference characters allotted. 

[0208] Referring to FIG. 11, a content transfer request is 
issued from cellular phone 100 of user 1 at the transmission 
side through the operation of the key button on touch key 
unit 1108 (step S300). 

[0209] The generated transfer request is transmitted to 
memory card 112 via cellular phone 120 of user 2 at the 
reception side. At memory card 112, public encryption key 
KPmc(2) corresponding to memory card 112 is output as 
authentication data {KPmc(2)}KPma from authentication 
data hold unit 1500.1 (step S301). 

[0210] Authentication data {KPmc(2)}KPma of memory 
card 112 is transmitted from cellular phone 120 of user 2, 
and received by memory card 110 of cellular phone 110 of 
user 1 (step S302).

[0211] At memory card 110, decryption processing unit 
1408 executes a decryption process. Decrypted public 
encryption key KPmc(2) is accepted (step S303). 

[0212] When public encryption key KPmc(2) encrypted 
using authentication key KPma is properly registered and 
subjected to proper encryption, i.e., when decryption is 
allowed using authentication key KPma and associated data 
generated during decryption can be confirmed and there is 
no record of inhibiting usage of authentication key KPma at 
license hold unit 1440, determination is made that the 
authentication result through authentication key KPma is 
valid, and control proceeds to step S312 (step S304). When
decryption is not allowed, or when associated data generated
during decryption cannot be confirmed or usage of authen-
tication key KPma is inhibited, memory card 112 is notified
that the authentication result by authentication key KPma is
invalid (step S304).

[0213] When the authentication result by authentication 
key KPma is invalid, memory card 112 outputs public 
encryption key KPmc(2) corresponding to memory card 112 
as authentication data {KPmc(2)}KPmb from authentication 
data hold unit 1500.2 (step S305). 

[0214] Authentication data {KPmc(2)}KPmb of memory 
card 112 is transmitted from cellular phone 120 of user 2, 
and received by memory card 110 via cellular phone 110 of 
user 1 (step S306). 

[0215] At memory card 110, a decryption process is
executed by decryption processing unit 1408, whereby 
decrypted public encryption key KPmc(2) is accepted (step 
S307). 

[0216] When public encryption key KPmc(2) encrypted 
with authentication key KPmb is registered properly and 
subjected to proper encryption, i.e. when decryption through 
authentication key KPmb is allowed and associated data 
generated during decryption can be confirmed and inhibition 
of the usage of authentication key KPmb is not recorded in 
license hold unit 1440, determination is made that the 
authentication result by authentication key KPmb is valid, 
and control proceeds to step S312 (step S308). When
decryption is not allowed, or when associated data generated 
during decryption cannot be confirmed or usage of authen- 
tication key KPmb is inhibited, determination is made that 
the authentication result by authentication key KPmb is 
invalid and the access is fraudulent from an unauthorized 
apparatus. Thus, the process ends (step S360).

[0217] When the authentication result is verified, control- 
ler 1420 instructs session key generation unit 1418 to output 
session key Ks3 generated at the transmission side during 
the transfer session. Session key Ks3 generated by session 
key generation unit 1418 is transmitted to encryption pro- 
cessing unit 1410. Encryption processing unit 1410 receives 
public encryption key KPmc(2) of memory card 112 
decrypted by decryption processing unit 1408 at step S306 
and encrypts session key Ks3 using public encryption key 
KPmc(2) (step S312). Encrypted session key {Ks3}Kmc(2)
is output onto data bus BS3 (step S314). 

[0218] Session key {Ks3}Kmc(2) output onto data bus 
BS3 is transmitted to memory card 112 via memory inter- 
face 1200, cellular phone 100 and cellular phone 120. 

[0219] Memory card 112 receives {Ks3}Kmc(2) output 
from memory card 110. Decryption processing unit 1404 
executes a decryption process using secret encryption key 
Kmc(2) corresponding to memory card 112, whereby ses- 
sion key Ks3 generated by memory card 110 of the trans-
mission side is accepted (step S316).

[0220] In response to reception of session key Ks3, con- 
troller 1420 of memory card 112 instructs session key 
generation unit 1418 to generate session key Ks2 that is to 
be generated at the reception side in the transfer session. The 
generated session key Ks2 is transmitted to encryption 
processing unit 1406 via contact Pf of switch 1446 and 
contact Pc of switch 1444. 

[0221] Encryption processing unit 1406 receives session 
key Ks3 obtained at step S316 from decryption processing 
unit 1404 to decrypt session key Ks2 and public encryption 
key KPmc(2) obtained through contact Pc of switch 1444 
and switching between contacts Pf and Pe of switch 1446. 
The encrypted {Ks2//KPm(2)}Ks3 is output onto data bus 
BS3 (step S318). 

[0222] Encrypted data {Ks2//KPm(2)}Ks3 output onto 
data bus BS3 is transmitted to data bus BS3 of memory card 
110 via cellular phones 102 and 100. 

[0223] At memory card 110, encrypted data transmitted 
onto data bus BS3 is decrypted by decryption processing 
unit 1412 using session key Ks3, whereby session key Ks2
and public encryption key KPm(2) associated with memory
card 112 are accepted (step S320).

[0224] In response to reception of session key Ks2 and 
public encryption key KPm(2), controller 1420 of memory 
card 110 confirms access restriction information AC1 in 
license hold unit 1440 (step S322). When transfer of the 
reproduction information according to access control infor- 
mation AC1 is disabled, the transfer operation ends at this 
stage (step S360).

[0225] When the transfer session is allowed as a result of 
confirming access control information AC1, control pro- 
ceeds to step S324. Controller 1420 saves access control 
information AC1 of license hold unit 1440, and modifies the 
value in the license hold unit to 0000h (step S324). In
response, the process of confirming access control informa- 
tion AC1 is carried out in the reproduction session and 
transfer session, whereby subsequent respective sessions 
will be inhibited thereafter. The content data transferred to 
memory card 112 will no longer be able to be reproduced or 
transferred again at memory card 110. 

[0226] Then, controller 1420 obtains the corresponding 
content ID and license ID from license hold unit 1440 (step 
S325). 

[0227] Controller 1420 also designates memory 1415 to 
output encrypted data {Kc//AC2//license ID//content ID// 
AC1}Km(1) related to reproduction information including
content decryption key Kc corresponding to the transferred 
content data. The encrypted data {Kc//AC2//license ID// 
content ID//AC1}Km(1) output from memory 1415 is
decrypted by decryption processing unit 1422, whereby Kc 
and AC2 are obtained on data bus BS4 (step S326). 

[0228] The license ID and content ID from license hold 
unit 1440 and the saved access restriction information AC1 
obtained at step S325 as well as Kc and AC2 obtained at step 
S326 are fetched by encryption processing unit 1424 from 
data bus BS4 to be encrypted. Encryption processing unit 
1424 encrypts these data using public encryption key 
KPm(2) unique to memory card 112 obtained by decryption 
processing unit 1412 at step S320 to generate data {Kc// 
AC2//license ID//content ID//AC1}Km(2) (step S328).

[0229] Encrypted data {Kc//AC2//license ID//content ID// 
AC1}Km(2) output onto data bus BS4 is transmitted to
encryption processing unit 1406 via contact Pd in switch 
1444. Encryption processing unit 1406 receives via contact 
Pb of switch 1442 session key Ks2 generated by memory 
card 112 obtained by decryption processing unit 1412 to 
encrypt the data received at contact Pd. 

[0230] Encryption processing unit 1406 provides {{Kc// 
AC2//license ID//content ID//AC1}Km(2)}Ks2 onto data
bus BS3 (step S330). The encrypted data output onto data 
bus BS3 at step S330 is transmitted to memory card 112 
which is the reception side of the transfer session via cellular 
phones 100 and 102. 

[0231] At memory card 112, decryption processing unit 
1412 applies decryption based on session key Ks2 generated 
by session key generation unit 1418, whereby {Kc//AC2// 
license ID//content ID//AC1}Km(2) is accepted (step S332).

[0232] Data {Kc//AC2//license ID//content ID// 
AC1}Km(2) is recorded in memory 1415 not located in
module TRM (step S334). 

[0233] Encrypted data {Kc//AC2//license ID//content ID//
AC1}Km(2) encrypted with public encryption key KPm(2)
is decrypted by decryption processing unit 1422 using
private decryption key Km(2) unique to memory card 112,
whereby the license ID, content ID, and access restriction 
information AC1 are accepted (step S336). 

[0234] The license ID, content ID, and access restriction 
information AC1 received at decryption processing unit 
1422 are recorded in a bank specified by license hold unit 
1440 (step S338). 

[0235] Thus, in response to the proper end of the process 
up to step S338 corresponding to the transfer of reproduction 
information including content decryption key Kc, a content 
data replicate request is issued via cellular phone 102 (step 
S340). 

[0236] The content data replicate request is transmitted to 
memory card 110 via cellular phone 100. In response, 
encrypted content data {Data}Kc and additional information
Data-inf are output onto data bus BS3 from memory 1415 of 
memory card 110 (step S342). The data output onto data bus 
BS3 is transmitted to memory card 112 via memory inter- 
face 1200, and cellular phones 100 and 102 to be stored in 
memory 1415 of memory card 112 (step S344). 

[0237] Upon completion of the recording of encrypted 
content data {Data}Kc and additional information Data-inf,
transfer acceptance is transmitted via cellular phone 102 
(step S346). 

[0238] Thus, music can be listened to through cellular phone
102 based on encrypted content data {Data}Kc and content
decryption key Kc recorded in memory card 112 as long as 
a proper reproduction session is executed by memory card 
112 and corresponding cellular phone 102. 

[0239] At cellular phone 100 of the transmission side, 
transfer acceptance issued from cellular phone 102 is 
received (step S348). The user designates whether to erase 
or retain the content data via touch key 110 (step S350). 

[0240] In response to designation of content data erasure 
through touch key unit 1108, the corresponding encrypted 
content data {Data}Kc and additional information Data-inf
are erased from memory 1415 in memory card 110 (step 
S354). When storage of content data is designated, step S354 
is skipped. The transfer process ends at this stage (step 
S356). 

[0241] Following transfer process end step S356 corre- 
sponding to a normal transfer session, or skipping from steps 
S308 and S322 when the transfer session has been aborted
based on authentication and checking of access control 
information AC1, the process of the entire transfer session 
ends (step S360). 

[0242] The reproduction information such as the corre- 
sponding content ID recorded in license storage unit 1440 
attains a state similar to that of erasure since access control 
information AC1 is updated at step S324 and the reproduc- 
tion session and transfer session are inhibited. The bank 
recorded with reproduction information of such a state can 
be overwritten when receiving distribution or transfer of 
reproduction information corresponding to new content 
data. Therefore, at step S324, an effect similar to that where 
all the data in the bank is erased is achieved. 
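
The AC1 handling of steps S222 to S224 (reproduction) and S322 to S325 (transfer) can be modelled as a small state machine. This is an added example, not code from the patent; the 16-bit AC1 layout (high byte for remaining plays with FFh meaning unrestricted, low byte non-zero when transfer is allowed) and all class and method names are assumptions, and only the value 0000h is taken from the text.

```python
from dataclasses import dataclass

UNRESTRICTED = 0xFF  # assumed marker in the play-count byte


@dataclass
class Bank:
    license_id: str
    content_id: str
    ac1: int  # 16 bits; assumed layout: high byte = plays left, low byte = transfer allowed


class LicenseHoldUnit:
    """Models license hold unit 1440 and the AC1 checks made by controller 1420."""

    def __init__(self, n_banks):
        self.banks = [None] * n_banks

    def find(self, content_id):
        for bank in self.banks:
            if bank and bank.content_id == content_id and bank.ac1 != 0x0000:
                return bank
        return None

    def record(self, license_id, content_id, ac1):
        """S172 / S338: write into the first empty bank. A bank whose AC1 is 0000h
        is treated as erased and may be overwritten (paragraph [0242])."""
        for j, bank in enumerate(self.banks):
            if bank is None or bank.ac1 == 0x0000:
                self.banks[j] = Bank(license_id, content_id, ac1)
                return j
        raise RuntimeError("no empty bank")

    def authorize_play(self, content_id):
        """S222/S224: refuse when disabled or unknown, else consume one play if restricted."""
        bank = self.find(content_id)
        if bank is None:
            return False              # content ID absent: reproduction disabled
        plays = bank.ac1 >> 8
        if plays == 0:
            return False
        if plays != UNRESTRICTED:
            bank.ac1 = ((plays - 1) << 8) | (bank.ac1 & 0xFF)
        return True

    def export_for_transfer(self, content_id):
        """S322-S325: check AC1, save it, write 0000h into the bank, and only then
        hand out (license ID, content ID, saved AC1) for encryption under KPm(2)."""
        bank = self.find(content_id)
        if bank is None or (bank.ac1 & 0xFF) == 0:
            return None               # transfer disabled: session ends (S360)
        saved = bank.ac1
        bank.ac1 = 0x0000             # sender can no longer play or transfer this license
        return bank.license_id, bank.content_id, saved


if __name__ == "__main__":
    sender, receiver = LicenseHoldUnit(2), LicenseHoldUnit(2)
    sender.record("lic-1", "song-1", 0x0201)        # constructed sample license
    moved = sender.export_for_transfer("song-1")
    receiver.record(*moved)
    print(sender.authorize_play("song-1"), receiver.authorize_play("song-1"))
```

Because the bank is zeroed before the license leaves the card, an interrupted transfer can lose the license at the sender but cannot leave two usable copies.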



[0243] In the state where encrypted content data is 
recorded and held in memory 1415, accessing distribution 
server 30 to receive reception of the reproduction informa- 
tion will allow reproduction of the encrypted content data. 
As a result, the user can listen to the music. The process of 
distributing only reproduction information is as described 
above with reference to FIGS. 7-9. 

[0244] By the above-described structure, encrypted data is
transferred after verifying authenticity of the content repro- 
duction circuit (cellular phone) and memory card of the 
reception side in a transfer session. Therefore, the system 
security is further improved. 

SECOND EMBODIMENT 

[0245] FIG. 14 is a block diagram showing a structure of 
memory card 114 of the second embodiment, comparable to 
FIG. 6 of the first embodiment. 

[0246] Referring to FIG. 14, memory card 114 differs 
from memory card 110 of the first embodiment shown in 
FIG. 6 in including a K(1) hold unit storing a secret key
K(1) of a symmetric key scheme unique to the memory card,
an encryption processing unit 1452 encrypting data on data
bus BS4 using secret key K(1), and a decryption processing
unit 1454 decrypting data on data bus BS4 using secret key
K(1).

[0247] The remaining features are similar to those of the 
structure of memory card 110 of the first embodiment. 
Corresponding components have the same reference char- 
acters, and description thereof will not be repeated. 

[0248] FIG. 15 is a diagram to describe the property of the 
keys associated with encryption used in communication and 
distributing data in the data distribution system of the second 
embodiment. 

[0249] The difference in characteristics as to the key and 
distributing data in the data distribution system of the first 
embodiment shown in FIG. 2 is that a secret key K(1)
unique to the memory card is used. The remaining elements 
are similar to those of the first embodiment. Therefore, 
description thereof will not be repeated. 

Distribution Process 

[0250] FIGS. 16, 17 and 18 are the first, second and third 
flow charts, respectively, to describe the distribution opera- 
tion in the event of purchasing content data in the data 
distribution system of the second embodiment, and is com- 
parable to FIGS. 7-9, respectively, of the first embodiment. 

[0251] FIGS. 16-18 correspond to the operation of user 1 
receiving content data distribution from distribution server 
30 via cellular phone 100 by using memory card 114. 

[0252] The distribution process differs from the distribu- 
tion process of memory card 110 of the first embodiment in 
that step S166 is removed, and a step S170 described
afterwards is carried out following step S168. 

[0253] More specifically, content decryption key Kc, 
reproduction circuit restriction information AC2, the license 
ID, content ID and access restriction information AC1 
received at step S168 are encrypted again by encryption 
processing unit 1452 using a secret key K(1) unique to
memory card 110. The encrypted data {Kc//AC2//license 
ID//content ID//AC1}K(1) is recorded in memory 1415
outside module TRM (step S170). 

[0254] The reason why content decryption key Kc, repro- 
duction circuit control information AC2, the license ID, 
content ID and access restriction information AC1 are 
decrypted using private decryption key Km(1) at step S168
and then encrypted using secret key K(1) to be stored in
memory 1415 is set forth in the following. 

[0255] There is a possibility that the decryption process
is extremely time consuming depending
upon the combination of public encryption key KPm(1) and
private decryption key Km(1) according to the public key
scheme of asymmetric keys.

[0256] By encrypting these data using a public secret key
K(1) unique to the memory card according to a symmetric
key scheme that allows high speed decryption, the decryp-
tion process on content decryption key Kc and reproduction
restriction information AC2 which are required for the
reproduction process can be sped up in the content data
reproduction process corresponding to the encrypted content
data.

[0257] Furthermore, by altering the key used in the data 
transmission and the key for storage in the memory card, the 
level of security is improved. 

[0258] As to the aforementioned public key scheme, the 
RSA cryptosystem (Rivest-Shamir-Adleman cryptosystem)
and elliptic curve cryptosystem are known. As to the sym- 
metric key encryption scheme, the DES (Data Encryption 
Standard) encryption scheme is known. 

[0259] The above description is based on the structure of 
encrypting all the encrypted data based on key KPm(1)/
Km(1) of the asymmetric public key encryption system
using symmetric secret key K(1). Alternatively, a structure
can be implemented in which data license ID, content ID and
access restriction information AC1 stored in license hold
unit 1440 provided in the TRM region in memory card 110
are not encrypted again and not stored in memory 1415, and
content decryption key Kc and reproduction circuit
control information AC2 are encrypted using secret key K(1)
to be stored in memory 1415.

[0260] The remaining elements are similar to those of the 
distribution operation of the first embodiment. Correspond- 
ing steps have the same reference characters allotted, and 
description thereof will not be repeated. 

Reproduction Process 

[0261] FIG. 19 is a flow chart to describe the operation of 
each component in a reproduction session using the memory 
card of the second embodiment. 

[0262] The reproduction session of the second embodi- 
ment differs from the reproduction process for memory card 
110 of the first embodiment shown in FIG. 10 in that a step 
S226' of FIG. 19 is carried out instead of step S226 of FIG. 
10 in a memory card 114. Specifically, in response to 
designation from controller 1420, encrypted data {Kc// 
AC2//license ID//content ID//AC1}K(1) read out onto data 
bus BS4 from memory 1415 is decrypted by decryption 
processing unit 1454 using secret key K(1) stored in K(1)
hold unit 1450 to obtain content decryption key Kc and 
reproduction circuit restriction information AC2. 



[0263] The remaining elements are similar to those of the 
reproduction operation of the first embodiment. Correspond- 
ing steps have the same reference characters allotted, and 
description thereof will not be repeated. 

[0264] By such a structure, the time required for the 
decryption process in order to read out content decryption 
key Kc and reproduction circuit control information AC2 
required for reproduction from memory card 110 in a 
reproduction session can be reduced. The user can initiate 
music reproduction promptly in response to a reproduction 
request. 

[0265] The transfer operation of the memory card of the 
second embodiment is basically similar to the transfer 
operation of the first embodiment, provided that, in step 
S326 of FIG. 12, data {Kc//AC2//license ID//content ID// 
AC1}K(1) obtained from memory 1415 is decrypted using 
secret key K(1). 

[0266] It is to be also noted that step S334 is not carried 
out at the memory card of the reception side. Content 
reproduction key Kc, reproduction circuit restriction infor- 
mation AC2, the license ID, content ID and access restric- 
tion information AC1 received at step S336 are encrypted 
again by encryption processing unit 1452 using secret key 
K(2) unique to the memory card, stored in K(2) hold unit 
1450. The encrypted {Kc//AC2//license ID//content ID// 
AC1}K(2) is recorded in memory 1415 outside module 
TRM. 
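
As an added illustration (not code from the patent), the sketch below models the second embodiment's storage rule from [0259] to [0266]: the record {Kc//AC2//license ID//content ID//AC1} sits in memory 1415 outside the TRM, sealed under a card-unique key K(i), and the reception side re-seals it under its own K(2). Assumptions: the length-prefixed field encoding, an HMAC-SHA256 keystream with an integrity tag standing in for the symmetric cipher (the patent names DES and describes no tag), the hypothetical `Card` class and its method names, and the omission of the in-transit encryption used during the transfer session.

```python
import hashlib
import hmac
import os
import struct

# Field order follows the record {Kc//AC2//license ID//content ID//AC1}.
FIELDS = ("Kc", "AC2", "license_id", "content_id", "AC1")


def pack_license(lic):
    """Serialize the five fields, each behind a 2-byte length (assumed encoding)."""
    return b"".join(struct.pack(">H", len(lic[f])) + lic[f] for f in FIELDS)


def unpack_license(blob):
    """Parse a packed record, rejecting truncated or over-long input."""
    lic, pos = {}, 0
    for name in FIELDS:
        if pos + 2 > len(blob):
            raise ValueError("truncated license record")
        (size,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if pos + size > len(blob):
            raise ValueError("truncated license record")
        lic[name] = blob[pos:pos + size]
        pos += size
    if pos != len(blob):
        raise ValueError("trailing bytes in license record")
    return lic


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for the card's symmetric cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt under a card-unique key; the tag is this example's addition."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Check the tag, then decrypt; fails for any key other than the sealing key."""
    if len(blob) < 48:
        raise ValueError("sealed record too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record was not sealed with this card's key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Card:
    """Hypothetical model of a second-embodiment card."""

    def __init__(self):
        self._k = os.urandom(32)  # K(i) hold unit 1450, inside the TRM
        self.memory_1415 = {}     # outside the TRM: readable and copyable

    def store(self, lic):
        """Encryption processing unit 1452: seal under K(i), record in memory 1415."""
        self.memory_1415[lic["content_id"]] = seal(self._k, pack_license(lic))

    def reproduce(self, content_id):
        """Step S226': one symmetric decryption yields Kc and AC2."""
        lic = unpack_license(unseal(self._k, self.memory_1415[content_id]))
        return lic["Kc"], lic["AC2"]

    def transfer_out(self, content_id):
        """Step S326: decrypt with K(i); other transfer steps are not modelled."""
        return unpack_license(unseal(self._k, self.memory_1415[content_id]))


def demo():
    # Constructed sample license; every value is a placeholder.
    lic = {"Kc": b"\x11" * 16, "AC2": b"ac2-sample", "license_id": b"lic-0001",
           "content_id": b"content-0001", "AC1": b"ac1-sample"}
    sender, receiver = Card(), Card()
    sender.store(lic)
    kc, ac2 = sender.reproduce(b"content-0001")
    # A raw copy of memory 1415 is useless on a card holding a different K(i).
    receiver.memory_1415[b"content-0001"] = sender.memory_1415[b"content-0001"]
    try:
        receiver.reproduce(b"content-0001")
        raw_copy_usable = True
    except ValueError:
        raw_copy_usable = False
    # Transfer: sender decrypts with K(1), receiver re-seals under K(2).
    receiver.store(sender.transfer_out(b"content-0001"))
    return {"kc": kc, "ac2": ac2, "raw_copy_usable": raw_copy_usable,
            "after_transfer": receiver.reproduce(b"content-0001")}


if __name__ == "__main__":
    print(demo())
```
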

THIRD EMBODIMENT 

[0267] FIG. 20 is a block diagram showing a structure of 
a memory card 116 of the third embodiment, comparable to 
FIG. 6 of the first embodiment. 

[0268] Referring to FIG. 20, memory card 116 differs 
from memory card 110 of the first embodiment shown in 
FIG. 6 in that memory 1415 is provided within module 
TRM. Furthermore, the structure of each bank in license 
hold unit 1440 is different. The bank is altered so as to hold 
the entire reproduction information. 

[0269] The remaining elements are similar to those of the 
structure of memory card 110 of the first embodiment. 
Corresponding components have the same reference characters 
allotted, and description thereof will not be repeated. 

[0270] FIGS. 21, 22 and 23 are the first, second and third 
flow charts, respectively, to describe the distribution opera- 
tion in the event of purchasing content data at the data 
distribution system of the third embodiment, and are com- 
parable to FIGS. 7-9, respectively, of the first embodiment. 

[0271] FIGS. 21-23 correspond to the operation of the user 
receiving content data distribution from distribution server 
30 via cellular phone 100 by using memory card 116. 

[0272] The present distribution process differs from that of 
memory card 110 of the first embodiment in that the record- 
ing process of data {Kc//AC2//license ID//content ID// 
AC1}Km(1) into memory 1415 at step S166 is not carried 
out in memory card 116, and a step S172' is carried out 
instead of step S172. At step S172', content decryption key 
Kc, reproduction circuit control information AC2, the 
license ID, content ID and access restriction information 
AC1 are recorded in a bank j that is the j-th empty bank in 
license hold unit 1440. 

[0273] The remaining elements are similar to those of the 
distribution operation of the first embodiment. Correspond- 
ing steps have the same reference characters allotted, and 
description thereof will not be repeated. 

Reproduction Process 

[0274] FIG. 24 is a flow chart to describe the reproduction 
operation using memory card 116 of the third embodiment. 

[0275] The reproduction operation differs from that of the 
first embodiment shown in FIG. 10 in that a step S226' is 
carried out instead of step S226. At step S226', content 
decryption key Kc and reproduction circuit restriction infor- 
mation AC2 of the song requested to be reproduced held in 
license hold unit 1440 are obtained. 

[0276] The remaining elements are similar to those of the 
distribution operation of the first embodiment. Correspond- 
ing steps have the same reference characters allotted, and 
description thereof will not be repeated. 

Transfer Process 

[0277] FIGS. 25, 26 and 27 are the first, second and third 
flow charts, respectively, to describe the process of trans- 
ferring content data and keys via cellular phones 100 and 
102 between two memory cards 116 and 118 according to 
the third embodiment, and are comparable to FIGS. 11-13, 
respectively, of the first embodiment. 

[0278] In FIGS. 25-27, the natural number x to identify the 
types of cellular phone 100 and memory card 116 is set to 
x=1, and the natural number x to identify the types of 
cellular phone 102 and memory card 118 is set to x=2. The 
natural number i to identify memory card 116 and memory 
card 118 is set to i=1 and i=2, respectively. 

[0279] It is assumed that, in FIGS. 25-27, cellular phone 
100 and memory card 116 correspond to the transmission 
side whereas cellular phone 102 and memory card 118 
correspond to the reception side. It is assumed that a 
memory card 118 having a structure similar to that of 
memory card 116 is loaded in cellular phone 102. Compo- 
nents in memory card 118 corresponding to those of memory 
card 116 have the same reference characters allotted. 

[0280] The transfer process of the present embodiment 
differs from the transfer process of the first embodiment as 
set forth below. 

[0281] i) Step S325' is carried out instead of step S325 of 
FIG. 12 to obtain content decryption key Kc, reproduction 
circuit control information AC2, license ID, content ID and 
access restriction information AC1 from license hold unit 
1440. 

[0282] ii) Reading out data from memory 1415 in step 
S326 is omitted. 

[0283] iii) Step 328' is carried out instead of step 328 to 
encrypt content decryption key Kc, reproduction circuit 
control information AC2, license ID, content ID and access 
restriction information AC1 obtained from license hold unit 
1440 using encryption key KPm(2) to generate {Kc//AC2// 
license ID//content ID//AC1}Km(2). 

[0284] iv) The recording process into the memory of step 
S334 is omitted. 



[0285] v) Step S336' is carried out instead of step S336 to 
execute the process of accepting content decryption key Kc, 
reproduction circuit control information AC2, license ID, 
content ID and access restriction information AC1 by having 
decryption processing unit 1422 use private decryption key 
Km(2) unique to memory card 112 to decrypt {Kc//AC2// 
license ID//content ID//AC1}Km(2) encrypted with public 
encryption key KPm(2). 

[0286] vi) Step S338' is carried out instead of step S338 to 
record content decryption key Kc, reproduction circuit con- 
trol information AC2, license ID, content ID and access 
restriction information AC1 accepted by decryption process- 
ing unit 1422 in the bank specified by license hold unit 1440. 

[0287] The remaining elements are similar to those of the 
transfer operation of the first embodiment. Corresponding 
steps have the same reference characters allotted, and 
description thereof will not be repeated. 

[0288] By the above structure, an advantageous effect 
similar to that of the first embodiment can be achieved. 

[0289] Respective processes of the first, second and third 
embodiments only differ in the process within the memory 
card, and there is no difference in data encryption outside the 
memory card. Transfer can be carried out by any combina- 
tion of memory cards 110, 114 and 116 of the respective 
embodiments described previously as a combination of the 
transmission side and the reception side. 

[0290] Therefore, memory cards 110, 114 and 116 are 
compatible memory cards. 

[0291] The above description is based on the assumption 
that memory 1415 is a nonvolatile semiconductor recording 
medium that can be read and written arbitrarily, for example, 
a flash memory. However, a structure can be implemented in 
which memory 1415 is a semiconductor memory device 
dedicated for readout such as a mask ROM having content 
data, an encrypted content decryption key and the like 
already written therein at the stage of fabrication, and a 
portion of the reproduction information such as access 
restriction information AC1 and license ID is distributed. 

[0292] Memory 1415 is not limited to a semiconductor 
recording medium, and may be another recording medium 
such as a card disk or optical disk. In this case, the license 
is recorded in an encrypted state similar to memory card 110 
and memory card 116 when absent of module TRM. 

[0293] The above description is based on a structure in 
which the process of receiving distributed data and storing 
the same in a memory card is effected through a cellular 
phone. However, the present invention is not limited to such 
a case, and a structure may be implemented in which the 
distributed data is stored with respect to a memory card by 
a dedicated terminal device to receive distribution, absent of 
the content reproduction circuit. 

[0294] The usage of authentication key KPma in memory 
cards 110, 112 and 116 is inhibited through "KPma usage 
inhibit notification" in the above description. The usage can 
be inhibited using a certification revocation list CRL. In this 
case, the latest certification revocation list CRL is transmit- 
ted instead of "KPma usage inhibit notification" in the 
distribution session. Authentication data included in certifi- 
cation revocation list CRL, i.e. authentication data that can 
be authenticated through authentication key KPma, is 
excluded from the authentication subject in the memory 
card. 

[0295] Although the present invention has been described 
and illustrated in detail, it is clearly understood that the same 
is by way of illustration and example only and is not to be 
taken by way of limitation, the spirit and scope of the present 
invention being limited only by the terms of the appended 
claims. 

1. (Amended) A license information storage apparatus 
(110, 114) to store license information supplied individually 
apart from encrypted content data, and that allows repro- 
duction of encrypted content data, comprising: 

first storage means (1440) for storing at least a portion of 
said license information, 

a plurality of authentication data hold means (1400.1, 
1400.2), each for storing a plurality of authentication 
data that can be authenticated respectively by a plural- 
ity of public authentication keys, 

said plurality of authentication data having a predeter- 
mined value predefined during fabrication of said 
license information storage apparatus, and can authen- 
ticate a first public encryption key corresponding to a 
type of said license information storage apparatus with 
respective said plurality of public authentication keys, 

first select means (SW2) for selectively providing said 
authentication data from said plurality of authentication 
data hold means outside of said license information 
storage apparatus according to a request external to said 
license information storage apparatus, 

first key hold means (1402) for storing a first private 
decryption key asymmetric to said first public encryp- 
tion key, and used to decrypt data encrypted with said 
first public encryption key, 

first decryption means (1404) receiving a first symmetric 
key supplied from a supply source of said license 
information, and encrypted by said first public encryp- 
tion key for decrypting the received first symmetric key 
using said first private decryption key, 

session key generation means (1418) for generating a 
second symmetric key, 

session key encryption means (1406) for encrypting said 
second symmetric key used for encryption of said 
license information by said first symmetric key to 
supply the encrypted key to said supply source of said 
license information, and 

session key decryption means (1412) receiving said 
license information supplied from a supply source of 
said license information, and encrypted with said sec- 
ond symmetric key for decrypting the received license 
key with said second symmetric key. 

2. (Canceled) 

3. (Canceled) 

4. (Amended) The license information storage apparatus 
according to claim 1, further comprising: 

second key hold means (1416) for storing a second public 
encryption key predefined for each said license infor- 
mation storage apparatus, 



third key hold means (1421) for storing a second private 
decryption key asymmetric to said second public 
encryption key, and used to decrypt data encrypted with 
said second public encryption key, and 

second decryption means (1422) receiving said license 
information encrypted with said second public encryp- 
tion key for decrypting the license information by said 
second private decryption key, 

wherein said session key encryption means encrypts said 
second public encryption key together with said second 
symmetric key using said first symmetric key for output 
to be provided to said supply source of said license 
information, 

wherein said session key decryption means receives said 
license information supplied from said supply source of 
said license information, encrypted by said second 
public encryption key, and further encrypted by said 
second symmetric key for decrypting the received 
license information using said second symmetric key. 

5. (Amended) The license information storage apparatus 
according to claim 4, wherein at least said first storage 
means, said plurality of authentication data hold means, said 
first select means, said first key hold means, said second key 
hold means, and said first decryption means are provided in 
a protection region (TRM) to disable access from an external 
source. 

6. (Amended) The license information storage apparatus 
according to claim 4, further comprising: 

second storage means for storing in an encrypted state a 
content decryption key from said license information to 
decrypt said encrypted content data, 

a fourth key hold unit (1450) storing at least one sym- 
metric type secret unique key in a symmetric key 
scheme, unique to every said license information stor- 
age apparatus, and 

first encryption means (1452) receiving and encrypting an 
output of said second decryption means using said 
secret unique key, 

wherein said second storage means stores said content 
decryption key encrypted by said first encryption 
means, and 

third decryption means (1454) for decrypting said content 
decryption key stored in said second storage means 
using said secret unique key. 

7. (Amended) The license information storage apparatus 
according to claim 1, wherein 

said first storage means is a semiconductor memory, and 

said license information storage apparatus is a memory 
card. 

8. (Amended) The license information storage apparatus 
according to claim 1, further comprising third storage means 
(1415) for storing said encrypted content data. 

9. (Amended) The license information storage apparatus 
according to claim 1, further comprising: 

a plurality of authentication key hold means (1414.1, 
1414.2) for storing said plurality of public authentica- 
tion keys used to decrypt authentication data input from 
another apparatus for authentication, 

second select means (1448) for selecting and providing 
one of said public authentication keys from said plu- 
rality of authentication key hold means, 

authentication data decryption means (1408) for decrypt- 
ing said authentication data input from said another 
apparatus using said public authentication key input 
from said second select means, and 

control means (1420) determining whether to output at 
least a portion of license information to said another 
apparatus based on at least one of said authentication 
data input from said another apparatus and a decryption 
result of said authentication data decryption means for 
controlling output of said at least a portion of said 
license information when determination is made to 
output. 

10. (Amended) A content reproduction apparatus (100) 
decrypting encrypted content data for reproduction of con- 
tent data, comprising: 

a data storage unit (110) detachable from said content 
reproduction apparatus, storing said encrypted content 
data and a content decryption key supplied individually 
apart from said encrypted content data, and required to 
decrypt said encrypted content data, and providing said 
content decrypting key in an encrypted state, and 

a data reproduction unit receiving an output from said 
data storage unit to reproduce said encrypted content 
data, 

wherein said data reproduction unit comprises 

first decryption means (1510) for carrying out a decryp- 
tion process using a first symmetric key, based on 
said encrypted content decryption key from said data 
storage unit to extract said content decryption key, 

second decryption means (1516) receiving and decrypt- 
ing said encrypted content data read out from said 
data storage unit using an output of said first decryp- 
tion means to extract content data, and 

a plurality of authentication data hold means (1500.1, 
1500.2), each for storing a plurality of authentication 
data that can be respectively authenticated with 
respective plurality of public authentication keys, 
and allowing output to said data storage unit, 

said plurality of authentication data having a prede- 
termined value predefined during fabrication of 
said content reproduction apparatus, and can 
authenticate a first public encryption key corre- 
sponding to a type of said content reproduction 
apparatus with respective said plurality of public 
authentication keys, 

select means (SW1) for selectively providing data from 
said plurality of authentication data hold means 
outside of said data reproduction unit according to a 
request external to said data reproduction unit, 

first key hold means (1502) for storing a first private 
decryption key asymmetric to said first public 
encryption key, and used to decrypt data encrypted 
by said first public encryption key, 

third decryption means (1504) receiving a second sym- 
metric key encrypted by said first public encryption 
key from said data storage unit for decrypting the 
received second symmetric key using said first pri- 
vate decryption key, 

session key generation means (1508) for generating 
said first symmetric key, and 

session key encryption means (1506) for encrypting 
said first symmetric key to be used for encryption of 
said content decryption key by said second symmet- 
ric key for provision to said data storage unit 

wherein said data storage unit comprises control means 
(1420) conducting an authentication process based on 
said authentication data from said select means to 
determine whether to output said encrypted content 
decryption key to said data reproduction unit based on 
an authentication result for controlling output to output 
said encrypted content decryption key that is encrypted 
by said first symmetric key when determination is made 
to output said content decryption key to said data 
reproduction unit. 

11. (Amended) The content reproduction apparatus 
according to claim 10, wherein said data storage unit 
includes a memory card detachable from said data repro- 
duction unit. 

12. (Amended) A content reproduction apparatus (100) to 
decrypt encrypted content data using a content decryption 
key for reproduction, loaded with a license information 
storage apparatus storing said encrypted content data and a 
content decryption key supplied individually apart from said 
encrypted content data, and required to decrypt and repro- 
duce said encrypted content data, comprising: 

first decryption means (1510) for performing decryption 
by a first symmetric key based on said content decryp- 
tion key from said license information storage 
apparatus to extract said content decryption key, 

second decryption means (1516) receiving and decrypting 
said encrypted content data read from said license 
information storage apparatus using an output of said 
first decryption means to extract content data, and 

a plurality of authentication data hold means (1500.1, 
1550.2) each for storing a plurality of authentication 
data that can be authenticated using respective plurality 
of authentication keys stored in said license informa- 
tion storage apparatus, and allowing output to said 
license information storage apparatus, 

said plurality of authentication data having a predeter- 
mined value predefined during fabrication of said con- 
tent reproduction apparatus, and that can authenticate a 
first public encryption key corresponding to a type of 
said content reproduction apparatus with respective 
said plurality of public authentication keys, 

select means (SW1) for selectively providing one of said 
plurality of authentication data to said license 
information storage apparatus for output, 

first key hold means (1502) for storing a first private 
decryption key asymmetric to said first public encryp- 
tion key, and used to decrypt data encrypted by said 
first public encryption key, 

third decryption means (1504) receiving a second sym- 
metric key encrypted by said first public encryption key 
from said license information storage apparatus for 
decrypting the received second symmetric key using 
said first private decryption key, 

session key generation means (1508) for generating said 
first symmetric key, and 

session key encryption means (1506) for encrypting said 
first symmetric key to be used for encryption of said 
content decryption key by said second symmetric key 
for provision to said license information storage appa- 
ratus. 

13. (Amended) A license information distribution system 
to distribute encrypted content data, and license information 
supplied individually apart from said encrypted content data 
and that allow reproduction of at least said encrypted content 
data, comprising: 

a server (10) to distribute said license information includ- 
ing a content decryption key used to decrypt said 
encrypted content data, and 

a reception terminal (100) receiving said distributed 
license information, 

wherein said reception terminal comprises 

data storage unit (110, 114) detachable from said recep- 
tion terminal for storing said encrypted content data 
and a content decryption key required to decrypt said 
encrypted content data, and providing said content 
decryption key in an encrypted state, 

wherein said data storage unit comprises 

first storage means (1415) for storing said encrypted 
content data, 

second storage means (1440) for storing at least a 
portion of said license information distributed by 
said distribution system, and 

a plurality of first authentication data hold means 
(1400.1, 1400.2) each for storing a plurality of 
authentication data that can be authenticated by 
respective plurality of said public authentication 
keys common to said distribution system, 

said plurality of authentication data having a prede- 
termined value predefined during fabrication of 
said data storage unit, and that can authenticate a 
first public encryption key corresponding to a type 
of said data storage unit with respective said 
plurality of public authentication keys, 

first select means (SW2) for selectively providing 
authentication data from said plurality of first 
authentication data hold means outside of said 
data storage unit according to a request external to 
said data storage unit, 

first key hold means (1402) for storing a first private 
decryption key asymmetric to said first public 
encryption key, and used to decrypt data encrypted 
with said first public encryption key, 

first decryption means (1404) receiving a first sym- 
metric key encrypted by said first public encryp- 
tion key from said server for decrypting the 
received key with said first private decryption key, 



session key generation means (1418) for generating 
a second symmetric key, 

session key encryption means for encrypting said 
second symmetric key used for encryption of said 
license information by said first symmetric key to 
supply the encrypted key to said server, and 

session key decryption means (1412) receiving said 
license information supplied from a supply source 
of said license information, and encrypted with 
said second symmetric key for decryption with 
said second symmetric key, 

wherein said server comprises first control means (315) 
to conduct an authentication process based on said 
authentication data from said data storage unit for 
encrypting said license information using said sec- 
ond symmetric key for distributing said license infor- 
mation when authentication is valid. 

14. (Amended) The license information distribution sys- 
tem according to claim 13, wherein said reception terminal 
further comprises a data reproduction unit decrypting said 
encrypted content data from said data storage unit to repro- 
duce content data, 

said data reproduction unit including 

first decryption means (1510) for performing a decryp- 
tion process using a first symmetric key based on 
said encrypted content decryption key from said data 
storage unit to extract said content decryption key, 

second decryption means (1516) receiving and decrypt- 
ing said encrypted content data read out from said 
data storage unit using an output of said first decryp- 
tion means to extract content data, 

a plurality of second authentication data hold means 
(1500.1, 1500.2), each for storing a plurality of 
authentication data that can be authenticated by 
respective plurality of public authentication keys 
common to said distribution system, and allowing 
output to said data storage unit, and 

second select means (SW1) selectively providing data 
from said plurality of second authentication data 
hold means outside of said data reproduction unit 
according to a request external to said data repro- 
duction unit, 

wherein said data storage unit further comprises 

a plurality of authentication key hold means (1411.1, 
1414.2) for storing said plurality of public authen- 
tication keys used to decrypt said authentication 
data from said second select means for authenti- 
cation, 

third select means (1448) for selecting and providing 
one of said public authentication key required to 
decrypt said authentication data from said second 
select means, and 

second control means (1106) for conducting an 
authentication process of said authentication data 
from said second select means using said public 
authentication key selected by said third select 
means to determine whether to output said license 
information, and controlling output of said license 
information when determination is made to out- 
put. 

15. (Amended) The license information distribution sys- 
tem according to claim 13, wherein said data storage unit 
includes a memory card detachable from said data repro- 
duction unit. 

16. (Added) A content reproduction apparatus (100) 
decrypting encrypted content data using a content decryp- 
tion key supplied individually apart from said encrypted 
content data and required to decrypt said encrypted content 
data for reproduction of content data, comprising: 

first decryption means (1510) for applying a decryption 
process by a first symmetric key based on said content 
decryption key that is encrypted and supplied to extract 
said content decryption key, 

second decryption means (1516) receiving and decrypting 
said encrypted content data using an output of said first 
decryption means to extract content data, and 

a plurality of authentication data hold means (1500.1, 
1550.2) each for storing a plurality of authentication 
data that can be authenticated using respective plurality 
of public authentication keys, and allowing output 
outside said data reproduction apparatus, 

said plurality of authentication data having a predeter- 
mined value predefined during fabrication of said con- 
tent reproduction apparatus, and that can authenticate a 
first public encryption key corresponding to a type of 
said content reproduction apparatus with respective 
said plurality of public authentication keys, 

select means (SW1) for selectively providing data from 
said plurality of authentication data hold means to 
outside of said data reproduction unit for output accord- 
ing to a request external to said data reproduction unit, 

first key hold means (1502) for storing a first private 
decryption key asymmetric to said first public encryp- 
tion key, and used to decrypt data encrypted by said 
first public encryption key, 

third decryption means (1504) receiving a second sym- 
metric key encrypted by said first public encryption key 
for decrypting with said first private decryption key, 

session key generation means (1508) for generating said 
first symmetric key, and 

session key encryption means (1506) for encrypting said 
first symmetric key to be used for encryption of said 
content decryption key by said second symmetric key 
for provision to outside of said data reproduction 
apparatus. 

17. (Added) A content reproduction apparatus (100) 
receiving encrypted content data and a content decryption 
key supplied individually apart from said encrypted content 
data, and required to decrypt said encrypted content data to 
decrypt said encrypted content data using said content 
decryption key for reproduction, comprising: 

first decryption means (1510) for applying a decryption 
process using a first symmetric key based on said 
content decryption key that is encrypted to extract said 
content decryption key, 



second decryption means (1516) receiving and decrypting 
said encrypted content data using an output of said first 
decryption means to extract content data, and 

a plurality of authentication data hold means (1500.1, 
1550.2) each for storing a plurality of authentication 
data that can be authenticated using respective plurality 
of authentication keys, 

said plurality of authentication data having a predeter- 
mined value predefined during fabrication of said con- 
tent reproduction apparatus, and that can authenticate a 
first public encryption key corresponding to a type of 
said content reproduction apparatus with respective 
said plurality of public authentication keys, 

select means (SW1) for selectively providing one of said 
plurality of authentication data to said license informa- 
tion storage apparatus, 

first key hold means (1502) for storing a first private 
decryption key asymmetric to said first public encryp- 
tion key, and used to decrypt data encrypted by said 
first public encryption key, 

third decryption means (1504) receiving a second sym- 
metric key encrypted by said first public encryption key 
for decrypting with said first private decryption key, 

session key generation means (1508) for generating said 
first symmetric key, and 

session key encryption means (1506) for encrypting said 
first symmetric key to be used for encryption of said 
content decryption key using said second symmetric 
key for output. 

18. (Added) The license information storage apparatus 
according to claim 9, wherein said authentication data input 
from said another apparatus includes a third public encryp- 
tion key, 

said license information storage apparatus further com- 
prising first encryption means (1410) for encrypting 
data using said third public encryption key, 

when determination is made to output said license infor- 
mation to said another apparatus at said control means, 
said session key generation means generating a third 
symmetric key, and said first encryption means 
encrypting said third symmetric key using said third 
public encryption key for output to be provided to said 
another apparatus, 

when a fourth symmetric key encrypted by said third 
symmetric key is input from said another apparatus, 
said session key decryption means decrypting using 
said third symmetric key said fourth symmetric key 
encrypted with said third symmetric key, and said 
session key encryption means encrypting at least a 
portion of license information including said content 
decryption key using said fourth symmetric key for 
output to be supplied to said another apparatus. 

19. (Added) The license information storage apparatus 
according to claim 18, wherein a fourth public encryption 
key unique to said another apparatus is encrypted together 
with said fourth symmetric key using said third symmetric 
key, and supplied from said another apparatus, 

said license information storage apparatus further com- 
prising second encryption means (1424) encrypting 
data using said fourth public encryption key, 

when said fourth public encryption key encrypted 
together with said fourth symmetric key by said third 
symmetric key is input from said another apparatus, 
said session key decryption means decrypting using 
said third symmetric key said received fourth public 
encryption key encrypted together with said fourth 
symmetric key by said third symmetric key, said second 
encryption means encrypting said license information 
using said fourth public encryption key, and said ses- 
sion key encryption means further encrypting using 
said fourth symmetric key said license information 
encrypted by said fourth public encryption key to be 
supplied to said another apparatus. 

20. (Added) The license information distribution system 
according to claim 11, wherein said data storage unit com- 
prises 

second key hold means (1416) for storing a second public 
encryption key predefined for each said data storage 
unit, 

third key hold means (1421) for storing a second private 
decryption key asymmetric to said second public 
encryption key, and used to decrypt data encrypted with 
said second public encryption key, and 

second decryption means (1422) for decrypting said 
license information encrypted with said second public 
encryption key, 

wherein said session key encryption means encrypts said 
second public encryption key together with said second 
symmetric key using said second symmetric key for 
output to be provided to said supply source of said 
license information, 

wherein said session key decryption means receives from 
said supply source of said license information said 
license information encrypted by said second public 
encryption key supplied, and further encrypted by said 
second symmetric key for decrypting said received 
license information by said second symmetric key. 
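
The exchange recited in claims 18 and 19, worked through as an added example that is not part of the patent text. Assumptions: the claims name no ciphers, so textbook RSA over known Mersenne primes and a SHA-256 keystream XOR serve as toy stand-ins (neither is secure), the verification of the authentication data is omitted, the names ks3, ks4, n3 and n4 are labels for the third and fourth symmetric and public keys, and the license is at most 20 bytes.

```python
import hashlib
import secrets

E = 65537  # public exponent for both toy key pairs (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known Mersenne primes; returns (n, d). Not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def pk_enc(n, data):
    """Stand-in for the public-key 'encryption means' (1410, 1424)."""
    return pow(int.from_bytes(data, "big"), E, n)

def pk_dec(n, d, c, size):
    return pow(c, d, n).to_bytes(size, "big")

def sym(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream (self-inverse)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def transfer(license_info):
    """Run the claim 18/19 exchange; returns (recovered license, wire messages)."""
    # "Another apparatus": third (class) and fourth (unique) key pairs.
    n3, d3 = toy_keypair(2**127 - 1, 2**89 - 1)
    n4, d4 = toy_keypair(2**107 - 1, 2**61 - 1)
    # Source: generate the third symmetric key, send it under the third public key.
    ks3 = secrets.token_bytes(16)
    msg1 = pk_enc(n3, ks3)
    # Destination: recover it, reply with fourth symmetric key + fourth public key.
    ks3_dst = pk_dec(n3, d3, msg1, 16)
    ks4 = secrets.token_bytes(16)
    msg2 = sym(ks3_dst, ks4 + n4.to_bytes(21, "big"))
    # Source: open msg2, wrap the license with the fourth public key, then with ks4.
    opened = sym(ks3, msg2)
    ks4_src, n4_src = opened[:16], int.from_bytes(opened[16:], "big")
    inner = pk_enc(n4_src, license_info).to_bytes(21, "big")
    msg3 = sym(ks4_src, inner)
    # Destination: strip the session layer, then the public-key layer.
    inner_dst = int.from_bytes(sym(ks4, msg3), "big")
    return pk_dec(n4, d4, inner_dst, len(license_info)), (msg1, msg2, msg3)

if __name__ == "__main__":
    kc = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    got, wire = transfer(kc)
    print(got == kc, [type(m).__name__ for m in wire])
```

Because the license in the third message is wrapped first by the fourth public key and then by the fourth symmetric key, a party holding only the session key still faces the public-key layer.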



